importcryptofrom'crypto';import{NextApiRequest,NextApiResponse}from'next';importgetRawBodyfrom'raw-body';// Raw body is required for signature verificationexportconstconfig={api:{bodyParser:false}}asyncfunctionwebhookHandler(req:NextApiRequest,res:NextApiResponse){if (req.method==='POST') {constSECRET_KEY=process.env.SECRET_KEY;if (typeofSECRET_KEY!=='string') {thrownewError('No secret key found');} // Get the raw body of the requestconstrawBody=awaitgetRawBody(req); // Generate HMAC-SHA256 signature of the raw body using the secret keyconstsignature=hmacSha256(rawBody,SECRET_KEY); // Compare the generated signature with the 'x-lynn-hmac-sha256' headerif (signature!==req.headers['x-lynn-hmac-sha256']) {returnres.status(400).json({message:"Signature didn't match"});} // If the signature matches, parse the JSON bodyconstreceivedJson=JSON.parse(rawBody.toString());console.log('Received:',receivedJson); // Respond with a 200 OK statusres.status(200).end('OK');}else{ // If the request method is not POST, return 405 Method Not Allowedres.setHeader('Allow','POST');res.status(405).end('Method Not Allowed');}}// Function to generate HMAC-SHA256 signaturefunctionhmacSha256(data:Buffer,secret:string):string{returncrypto.createHmac('sha256',secret).update(data).digest('hex');}exportdefaultwebhookHandler;