Code Room
Code review | Medium | cr-g252
Subject: Auth bypass | Level: Mid–Senior | ~25 min | Common in Security interviews | Industries: Software development

Question

Review this Node.js webhook signature check.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review

```js
function verifyWebhook(req) {
  const sig = req.headers['x-signature'];
  const expected = crypto
    .createHmac('sha256', SECRET)
    .update(req.rawBody)
    .digest('hex');
  if (sig === expected) {
    return true;
  }
  return false;
}
```
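One possible fix for the comparison in the snippet under review, as an added example that is not part of the original page: it compares the MACs with `crypto.timingSafeEqual` instead of `===` (string equality is not a constant-time comparison) and fails closed on a missing header, body or secret. The name `verifyWebhookHardened`, the `secret` parameter and the sample request are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical hardened variant; `secret` is a parameter (an assumption) so the
// function fails closed when the key is not configured.
function verifyWebhookHardened(req, secret) {
  if (typeof secret !== 'string' || secret.length === 0) return false;

  const sig = req.headers['x-signature'];
  // A missing header is undefined; anything that is not 64 lowercase hex
  // characters cannot be a hex-encoded SHA-256 MAC.
  if (typeof sig !== 'string' || !/^[0-9a-f]{64}$/.test(sig)) return false;

  // The MAC has to cover the exact bytes received.
  if (!Buffer.isBuffer(req.rawBody) && typeof req.rawBody !== 'string') return false;

  const expected = crypto.createHmac('sha256', secret).update(req.rawBody).digest();
  const provided = Buffer.from(sig, 'hex');
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw on length.
  return crypto.timingSafeEqual(provided, expected);
}

// Constructed sample data, not real traffic.
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from('{"event":"ping","id":1}');

function signForTest(body, secret) {
  return crypto.createHmac('sha256', secret).update(body).digest('hex');
}

function runCases() {
  const good = signForTest(SAMPLE_BODY, SAMPLE_SECRET);
  const hdr = { 'x-signature': good };
  const req = (headers, rawBody = SAMPLE_BODY) => ({ headers, rawBody });
  return {
    valid: verifyWebhookHardened(req(hdr), SAMPLE_SECRET),
    tamperedBody: verifyWebhookHardened(
      req(hdr, Buffer.from('{"event":"ping","id":2}')), SAMPLE_SECRET),
    missingHeader: verifyWebhookHardened(req({}), SAMPLE_SECRET),
    truncatedSig: verifyWebhookHardened(
      req({ 'x-signature': good.slice(0, 10) }), SAMPLE_SECRET),
    missingBody: verifyWebhookHardened(req(hdr, null), SAMPLE_SECRET),
    unsetSecret: verifyWebhookHardened(req(hdr), undefined),
  };
}

console.log(runCases());
```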