From ae5c3540b0b50356d924d662f46a62024e4d68ab Mon Sep 17 00:00:00 2001
From: cp <git@deh.li>
Date: Wed, 30 Oct 2024 07:49:15 -0400
Subject: [PATCH] fix JavaScript verifySignature example

---
 docs/server/extensions.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/server/extensions.md b/docs/server/extensions.md
index 186a9963..28445566 100644
--- a/docs/server/extensions.md
+++ b/docs/server/extensions.md
@@ -648,6 +648,7 @@ function verifySignature(Request $request) {
 **JavaScript**
 
 ```js
+import { createHmac, timingSafeEqual } from 'crypto'
 import { IncomingMessage } from 'http'
 
 const secret = '459824aaffa928e05f5b1caec411ae5f'
@@ -656,8 +657,8 @@ const verifySignature = (request: IncomingMessage): boolean => {
   const signature = Buffer.from(request.headers['x-hocuspocus-signature-256'] as string)
 
   const hmac = createHmac('sha256', secret)
-  const digest = Buffer.from(`sha256=${hmac.update(body).digest('hex')}`)
+  const digest = Buffer.from(`sha256=${hmac.update(request.body).digest('hex')}`)
 
-  return signature.length !== digest.length || timingSafeEqual(digest, signature)
+  return signature.length === digest.length && timingSafeEqual(digest, signature)
 }
 ```