young zenith
i am trying to validate my incomming webkooks using crypto on nodeJS
.createHmac("sha1", process.env.WEBHOOK_SIG_KEY!)
.update(`http://my_domain:8000/appwrite/session${JSON.stringify(req.body)}`) // Make sure there isn't a space between the URL and body.
.digest("base64")``` this is what i came up reading the docs but its not the as the signature from the header. can anyone see what i am doing wrong?
neon dirge
i am trying to validate my incomming webkooks using crypto on nodeJS
``` let ...
FYI, this is the code: https://github.com/appwrite/appwrite/blob/61f04d5340f0fd9afd11e09f7f3ef53278e9882a/src/Appwrite/Platform/Workers/Webhooks.php#L93C36-L93C45
Maybe you have some whitespace differences between what's actually in the payload vs req.body. I've seen this happen when a string body is parsed before you actually handle it
young zenith
yes thank you got it to work. ```import express from "express";
import crypto from "crypto";
import appwriteSessions from "../controller/appwrite/sessions";
import type { Request, Response } from "express";
const router = express.Router();
const app = express();
app.use(express.raw({ type: "/" }));
// create middleware to log requests
router.use((req: Request, res: Response, next) => {
const signature = req.headers["x-appwrite-webhook-signature"];
if (!signature) {
return res.status(401).send("Unauthorized - No signature provided");
}
const payloadstring = req.body.toString();
const url = req.protocol + "://" + req.get("host") + req.originalUrl;
const checkSignaturestring: string = url + payloadstring;
let token = crypto
.createHmac("sha1", process.env.APPWRITE_WEBHOOK_SIGNATURE)
.update(checkSignaturestring) // Make sure there isn't a space between the URL and body.
.digest("base64");
if(token !== signature) {
return res.status(401).send("Unauthorized - Invalid signature");
}
next();
});
// router.use("/session", appwriteSessions);
export default router;