Webhooks

// Create webhook endpoint
app.post('/webhooks/zkscore', (req, res) => {
  const { type, data } = req.body;
  
  switch (type) {
    case 'score.updated':
      handleScoreUpdate(data);
      break;
    case 'achievement.claimed':
      handleAchievementClaim(data);
      break;
  }
  
  res.status(200).send('OK');
});

function handleScoreUpdate(data) {
  console.log(`Score updated for ${data.user}: ${data.old_score} → ${data.new_score}`);
  // Update your application state
}

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return signature === `sha256=${expectedSignature}`;
}

// In your webhook handler
app.post('/webhooks/zkscore', (req, res) => {
  const signature = req.headers['x-zkscore-signature'];
  const payload = JSON.stringify(req.body);
  
  if (!verifyWebhookSignature(payload, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send('Invalid signature');
  }
  
  // Process webhook
});