From c4f16012fe73d51cdfbecb90fb7e894837b0f507 Mon Sep 17 00:00:00 2001
From: Autowebassat-blip
Date: Fri, 12 Jun 2026 05:14:49 +0200
Subject: [PATCH] Accept spaced CoinPay signature parts
---
 apps/logicsrc-web/contract/logicsrc-web.contract.test.ts | 1 +
 apps/logicsrc-web/src/lib/coinpay.ts | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts b/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
index ad12321..ff2640b 100644
--- a/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
+++ b/apps/logicsrc-web/contract/logicsrc-web.contract.test.ts
@@ -408,6 +408,7 @@ describe("POST /api/webhooks/coinpay", () => {
 const signature = createHmac("sha256", secret).update(`${timestamp}.${payload}`).digest("hex");
 expect(verifyCoinPayWebhook(payload, `t=${timestamp},v1=${signature}`, secret)).toBe(true);
+ expect(verifyCoinPayWebhook(payload, `t=${timestamp}, v1=${signature}`, secret)).toBe(true);
 const response = await coinpayWebhook(
 new NextRequest("http://localhost/api/webhooks/coinpay", {
diff --git a/apps/logicsrc-web/src/lib/coinpay.ts b/apps/logicsrc-web/src/lib/coinpay.ts
index aaa9fb9..2e21319 100644
--- a/apps/logicsrc-web/src/lib/coinpay.ts
+++ b/apps/logicsrc-web/src/lib/coinpay.ts
@@ -114,7 +114,7 @@ export function verifyCoinPayWebhook(
 }
 try {
- const parts = signatureHeader.split(",");
+ const parts = signatureHeader.split(",").map((part) => part.trim());
 const timestamp = parts.find((part) => part.startsWith("t="))?.slice(2);
 const signature = parts.find((part) => part.startsWith("v1="))?.slice(3);
 if (!timestamp || !signature) {
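Review bot: The added assertion in the `POST /api/webhooks/coinpay` test pins only the accepting case for the spaced header; nothing in this hunk shows that a spaced header carrying a wrong digest is still rejected. Since the parser for a signature header is being loosened, I would add a companion assertion that passes the same `t=…, v1=…` form with one hex character of `signature` altered and expects `false`. The test body starts and ends outside the hunk, so such a negative case may already exist for the unspaced form; if so, it is worth mirroring it for the spaced one.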
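Review bot: The new `.map((part) => part.trim())` in `verifyCoinPayWebhook` relaxes how a security-relevant header is parsed without documenting which forms are now accepted. Only whitespace around each comma-separated part is removed: a space directly after `=` stays in the value returned by `slice(2)` / `slice(3)`, and `find` still takes the first `t=` and the first `v1=` part. I would add a comment above the split such as `// Accepts optional whitespace around the comma-separated parts ("t=..., v1=..."); the values after "=" are used as-is.` The function starts before and continues past this hunk, so the timestamp and digest checks are not visible here; it is worth confirming they still require an exact match on those values.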