Signature Verification

shop_id=${shop_id}&supporter_id=${supporter_id}&tier_id=${tier_id}&timestamp=${timestamp}

async function getHmacKey(secret) {
  const encoder = new TextEncoder();
  const keyData = encoder.encode(secret);
  return await crypto.subtle.importKey(
    'raw',
    keyData,
    { name: 'HMAC', hash: 'SHA-512' },
    false,
    ['sign', 'verify']
  );
}

async function verifySignature(params, hmacSignature, secret) {
  const { shopId, supporterId, tierId, timestamp } = params;

  const encoder = new TextEncoder();
  const key = await getHmacKey(secret);

  const data = `shop_id=${shopId}&supporter_id=${supporterId}&tier_id=${tierId}&timestamp=${timestamp}`;

  const messageData = encoder.encode(data);
  const signature = await crypto.subtle.sign('HMAC', key, messageData);

  const generatedSignatureHex = uint8ArrayToHex(new Uint8Array(signature));

  return generatedSignatureHex === hmacSignature;
}