[DEVPL-2717] add hmac verification method to JS SDK

[KeithRyanWong]

Description

Developer documentation will be updated to push users to use the SDK rather than build their own solution to verify signatures. The reason is because we may change signature generation in the future, and using the SDK will allow users to simply update the WebflowAPI package. This means that the function signature should remain the same between versions. However, because Request objects vary between server implementations, I don't think it's feasible to allow users to pass in the request-like object to the function and expect things to work. Since HMAC generation will always include a secret key, header information, and the request body– I think we can safely require users to pass in these parameters in the expected format without breaking them in the future.

1. If we need access to the request body fields, we can always transform it into a JSON object.
2. While headers may be subject to change, passing in the whole headers collection as a record allows us the flexibility to access whatever we need.

Here's a link to the related PR for updating the docs:
https://github.com/webflow/openapi-internal/pull/342

Usage

To use the new function, users will break the http request down into its relevant parts and pass them into the function, which will return a promise that resolves to a Boolean representing whether the signature is valid.

Example

 function incomingWebhookRouteHandler(req, res) {
     const headers = req.headers;
     const body = JSON.stringify(req.body);
     const secret = getWebhookSecret(WEBHOOK_ID);
     const isAuthenticated = await client.webhooks.verifySignature({ headers, body, secret });
     
     if (isAuthenticated) {
         // Process the webhook
     } else {
         // Alert the user that the webhook is not authenticated
     }
     res.sendStatus(200);
}
     

Test Plan

OAuth App generated webhooks

OAuth App generated webhooks will not have a secret key and will continue to use the associated Client Secret to verify HMAC signatures as detailed in the Working with Webhooks documentation
To test:

1. Generate a webhook through the Auth'd application
2. Trigger the webhook, setup your handler to pass in the Client Secret Key into the secret field of the RequestSignatureDetails object

New client only Secret Key

1. In the Webflow dashboard, navigate to a site's Apps & Integrations tab and add a new webhook
2. Add the generated Secret Key to your local application and setup your handler to pass it into the secret field of the RequestSignatureDetails object
3. Trigger the webhook

[KeithRyanWong]

For Webstorm workspace setup