
Webhook Signature Verification (HMAC-SHA256)

Signs a webhook payload with HMAC-SHA256 using a shared secret and verifies the incoming signature with a constant-time comparison. A plain `==` comparison leaks timing information; `Crypto.constantTimeEquals` removes that leak. Using HMAC + constant-time equality is the macro runtime's recommended integrity primitive (AES is intentionally absent).

Copyable Example Code

You can paste this into the code editor; still verify target image, region, color, text, and timing values in your own device flow.

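```lua
-- Webhook signature verification
-- Sender side:   signs with HMAC-SHA256
-- Receiver side: same key + constant-time comparison

local sharedSecret = "ornek-paylasilan-anahtar"
local payload = '{"event":"macro.completed","macroId":"abc123"}'

-- Generate the signature (sender)
local signature = Crypto.hmacSha256(sharedSecret, payload)
toast("Imza: " .. signature:sub(1, 16) .. "...")  -- "Signature: ..."

-- Simulated received signature
local receivedSignature = signature

-- Receiver: recompute the expected signature over the received payload
local expectedSignature = Crypto.hmacSha256(sharedSecret, payload)

-- Constant-time comparison, safe against timing attacks
if Crypto.constantTimeEquals(expectedSignature, receivedSignature) then
  toast("Imza gecerli, payload guvenli")  -- "Signature valid, payload is safe"
else
  toast("Imza ESLESMIYOR — payload reddedildi")  -- "Signature MISMATCH, payload rejected"
end

-- Nonce example: replay-attack prevention
-- The nonce is signed together with the payload, so it cannot be swapped out
-- without invalidating the signature. The receiver must reject any nonce it
-- has already seen.
local nonce = Crypto.randomBytes(16)
local stampedPayload = payload .. "|" .. nonce
local stampedSig = Crypto.hmacSha256(sharedSecret, stampedPayload)  -- sent along with stampedPayload
KV.set("son_nonce", nonce)  -- key name means "last_nonce"
```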
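
The receiving side of the nonce scheme above, as an added example (not code from the original page or from the macro runtime): a Python receiver that checks the HMAC in constant time before it consults the nonce store, so unauthenticated requests can never fill that store. It assumes the signature and nonce are hex strings and that the wire format is `payload|nonce`; `WebhookVerifier`, `sign`, `stamp` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def sign(secret: bytes, message: bytes) -> str:
    """Hex HMAC-SHA256 tag over the exact bytes that travel on the wire."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def stamp(payload: bytes) -> bytes:
    """Sender side: append a fresh 16-byte nonce, hex-encoded (assumed encoding)."""
    return payload + b"|" + secrets.token_hex(16).encode()

class WebhookVerifier:
    """Receiver side: authenticate first, then reject replayed nonces."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen_nonces = set()  # in-memory for the demo; production needs a shared store with expiry

    def verify(self, stamped: bytes, received_sig: str) -> str:
        expected = sign(self._secret, stamped)
        # Constant-time comparison; comparing bytes also tolerates non-ASCII input.
        if not hmac.compare_digest(expected.encode(), received_sig.encode()):
            return "bad-signature"
        # Only authenticated messages may touch the nonce store.
        _payload, sep, nonce = stamped.rpartition(b"|")
        if not sep or not nonce:
            return "malformed"
        if nonce in self._seen_nonces:
            return "replay"
        self._seen_nonces.add(nonce)
        return "ok"

def demo() -> list:
    secret = b"ornek-paylasilan-anahtar"  # sample value from the page, not a real secret
    payload = b'{"event":"macro.completed","macroId":"abc123"}'  # the page's sample payload
    verifier = WebhookVerifier(secret)
    stamped = stamp(payload)
    sig = sign(secret, stamped)
    tampered = stamped.replace(b"abc123", b"zzz999")
    return [
        verifier.verify(stamped, sig),         # first delivery
        verifier.verify(stamped, sig),         # same message captured and resent
        verifier.verify(tampered, sig),        # body changed in transit
        verifier.verify(stamp(payload), sig),  # fresh nonce, stale signature
    ]

if __name__ == "__main__":
    print(demo())
```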

Implementation and Adaptation Notes

  • Before running, replace sample values such as image names, text, colors, coordinates, and file paths with your own macro values.
  • For examples that use Region or coordinates, retest the target area on different resolutions and DPI values.
  • Tune mScore, timeout, and scan rate in a test macro first, then move the verified values into the production macro.