feat(bot): add signature verification logging

- Added info-level logging to provide details about signature verification, including secret length and partial hashes for expected and received signatures. - Helps in debugging signature mismatches without exposing full sensitive data.
2026-02-03 16:23:14 +01:00 · 2026-02-03 16:23:14 +01:00 · 33937ab115
commit 33937ab115
parent d5967cf392
1 changed files with 5 additions and 3 deletions
--- a/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py
+++ b/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py
@ -61,17 +61,19 @@ def verify_signature(body: bytes, signature: str) -> bool:
    if not BOT_SECRET:
        log.warning("No bot secret configured, skipping signature verification")
        return True
-    
+
    expected = hmac.new(
        BOT_SECRET.encode(),
        body,
        hashlib.sha256
    ).hexdigest()
-    
+
    # Nextcloud sends: sha256=<hex>
    if signature.startswith("sha256="):
        signature = signature[7:]
-    
+
+    log.info(f"Signature verification: secret_len={len(BOT_SECRET)}, expected={expected[:16]}..., received={signature[:16]}...")
+
    return hmac.compare_digest(expected, signature)