validateSignature does not work

Open jt274 opened this issue 1 year ago • 0 comments

The validateSignature function described in the docs to validate signatures for incoming webhook requests from Plivo never matches correctly. It appears almost that the X-Plivo-Signature-V2 and X-Plivo-Signature-Ma-V2 headers have the incorrect value. I have also tried manually validating the signatures and still come up with a different result than what is in the headers. From the docs at https://www.plivo.com/docs/verify/concepts/signature-validation:

You can generate the signature by calculating the keyed hash message authentication code (HMAC) with these parameters:
Key — Your Plivo Auth Token
Message — Base URI appended with X-Plivo-Signature-V2-Nonce. For example, if the base URI is https://<yourdomain>.com/answer/ and X-Plivo-Signature-V2-Nonce is 05429567804466091622, the message will be https://<yourdomain>.com/answer/05429567804466091622.
Hashing Function — SHA256

The below manual calculation also does not match the provided header values:

const hmac = crypto.createHmac('sha256', auth_token).update(`https://mysite.com/callback/${nonce}`).digest('base64');

Additionally, the validateSignature function appears to have unnecessary code at https://github.com/plivo/plivo-node/blob/03c3cdc542aa67feff3f7b41c17cf59101c79c9f/lib/utils/security.js#L31

  let hmacBytes = base64.decode(hmac.update(base_url+nonce).digest('base64'));
  let authentication_string = base64.encode(hmacBytes);

It appears the above could be simplified to the below, instead of decoding and then re-encoding the value again:

let authentication_string = hmac.update(base_url+nonce).digest('base64');

jt274, Jul 02 '24 15:07
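An added example, not part of the original issue and not plivo-node code: a sketch for debugging a V2 signature mismatch using the formula quoted from the docs above. It checks which spelling of the callback URL reproduces a header value, and shows that a base64 decode and re-encode round trip (done here with Node's Buffer in place of the base64 helper in the snippet) returns the same string as the direct digest. The token, header value, example.com URLs and the list of URL variants are constructed assumptions; only the nonce is the one from the docs example.

```javascript
const crypto = require('crypto');

// Signature per the quoted docs: base64(HMAC-SHA256(authToken, baseUri + nonce)).
function computeSignature(authToken, baseUri, nonce) {
  return crypto.createHmac('sha256', authToken).update(baseUri + nonce).digest('base64');
}

// The decode-then-re-encode form from the issue, written with Buffer.
function computeSignatureRoundTrip(authToken, baseUri, nonce) {
  const hmacBytes = Buffer.from(computeSignature(authToken, baseUri, nonce), 'base64');
  return hmacBytes.toString('base64');
}

// Constant-time comparison so the check does not leak how many leading bytes matched.
function signaturesMatch(expected, received) {
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(String(received), 'utf8');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Try each candidate spelling of the URL; return the one that reproduces the header, or null.
function findMatchingUri(authToken, nonce, headerSignature, candidateUris) {
  for (const uri of candidateUris) {
    if (signaturesMatch(computeSignature(authToken, uri, nonce), headerSignature)) return uri;
  }
  return null;
}

// Constructed sample values (not real credentials or captured headers).
const SAMPLE_TOKEN = 'constructed-auth-token';
const SAMPLE_NONCE = '05429567804466091622';
const SAMPLE_HEADER = computeSignature(SAMPLE_TOKEN, 'https://example.com/answer/', SAMPLE_NONCE);
const CANDIDATES = [
  'http://example.com/answer/',  // assumed: scheme seen by an app behind a TLS-terminating proxy
  'https://example.com/answer',  // assumed: trailing slash dropped by a router
  'https://example.com/answer/', // same shape as the docs example
];

console.log(findMatchingUri(SAMPLE_TOKEN, SAMPLE_NONCE, SAMPLE_HEADER, CANDIDATES));
```

A null result for every plausible URL spelling points away from URL normalisation and toward the key or the header value itself.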