"""Xynex · Python 3.9+ · Verify webhook signature (Flask).

    pip install flask
    XYNEX_WEBHOOK_SECRET=whsec_... python python-verify-webhook.py
"""
from __future__ import annotations

import hashlib
import hmac
import os
import sys

from flask import Flask, abort, request

SECRET = os.environ.get("XYNEX_WEBHOOK_SECRET")
if not SECRET:
    sys.exit("Set XYNEX_WEBHOOK_SECRET first.")

app = Flask(__name__)


@app.post("/webhooks/xynex")
def webhook():
    signature = request.headers.get("x-xynex-signature", "")
    raw = request.get_data()  # IMPORTANT: raw bytes, not parsed JSON
    expected = hmac.new(SECRET.encode(), raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(signature, expected):
        abort(401, "invalid signature")

    event = request.get_json(silent=True) or {}
    print("Got event:", event.get("event"), event.get("data", {}).get("id"))
    return "ok", 200


if __name__ == "__main__":
    app.run(port=3000)
