diff --git a/webhook_verifier.go b/webhook_verifier.go index 794656f..75d7b4a 100644 --- a/webhook_verifier.go +++ b/webhook_verifier.go @@ -17,9 +17,6 @@ var ( // ErrInvalidSignatureFormat is returned when the signature format is invalid. ErrInvalidSignatureFormat = errors.New("invalid signature format") - - // ErrRequestExceedsExpectation is returned when the request exceeds the limit - ErrRequestExceedsExpectation = errors.New("request body size exceeds limit") ) // signatureRegexp matches the Paddle-Signature header format, e.g.: @@ -55,17 +52,14 @@ func (wv *WebhookVerifier) Verify(req *http.Request) (bool, error) { h1 := matches[0][2] const maxBodySize = 2 << 20 // 2 MB - limitedReader := io.LimitReader(req.Body, maxBodySize) - body, err := io.ReadAll(limitedReader) + req.Body = http.MaxBytesReader(nil, req.Body, maxBodySize) + + body, err := io.ReadAll(req.Body) if err != nil { return false, err } - if len(body) == maxBodySize { - return false, ErrRequestExceedsExpectation - } - req.Body = io.NopCloser(bytes.NewBuffer(body)) mac := hmac.New(sha256.New, wv.secretKey)