Code Room
Code reviewHard
Question
Review this Go webhook-signature verifier.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
func verifySignature(payload []byte, sig string, secret []byte) bool { mac := hmac.New(sha256.New, secret) mac.Write(payload) expected := hex.EncodeToString(mac.Sum(nil)) return expected == sig} func handler(w http.ResponseWriter, r *http.Request) { body, _ := io.ReadAll(r.Body) if !verifySignature(body, r.Header.Get("X-Signature"), webhookSecret) { http.Error(w, "bad signature", 401) return } process(body)}Run or narrate your approach, then ask the coach.