#tom-webhook-signature


serene kiln
#

@raw hound hello! Sadly webhook signature verification can be extremely hard, especially if you also use Node.js. We're happy to try and help if you can provide detailed information about what you are doing and your environment


raw hound
# serene kiln <@394541695351652373> hello! Sadly webhook signature verification can be extreme...

That's nice, that's exactly what I use 😭 haha
I use Node.js and Express
I thought the problem might come from the fact that I use express.json on all my routes, but I think this is fixed by now

Here is my index.js


```js
require("dotenv").config();

const express = require('express');
const cors = require('cors');
const Kernel = require('./src/Kernel');
const app = express();
const { webHookRouter, router } = require('./src/Controller/Shop/Stripe');

app.use(cors());

// The webhook router is mounted before express.json(), so the JSON body
// parser registered below does not run first on /api/v1/webhook.
app.use('/api/v1/webhook', webHookRouter);
app.use(express.json());
app.use(express.urlencoded({ extended: true })); // To parse application/x-www-form-urlencoded
app.use('/api/v1/', router);


app.set('prefix', '/api/v1/'); // localhost:3000/api/v1/

const src = new Kernel(app);
const server = src.getApp();
const PORT = 3000;

app.listen(PORT, () => {
    console.log(`Running on port ${PORT}`);
});
```

#

And here is my Stripe.js


```js
const express = require("express");
const router = express.Router();
const webHookRouter = express.Router();
const sequelize = require("root-sequelize");
const {NotFound, BadRequest} = require("root-errors-handler");
const {isConnected} = require("../../Middleware/Jwt");
const stripe = require("stripe")(process.env.STRIPE_SECRET_KEY_WALLET);
const endpointSecret = (process.env.STRIPE_SECRET_KEY_WEBHOOK);

router
    .route("/create-checkout-session")
    .......
    });

webHookRouter
    .route('/')
    // express.raw() leaves req.body as a Buffer of the bytes received,
    // which is what constructEvent() checks the signature against.
    .post(express.raw({type: 'application/json'}), (req, res) => {
        const sig = req.headers['stripe-signature'];

        let event;

        try {
            event = stripe.webhooks.constructEvent(req.body, sig, endpointSecret);
        } catch (err) {
            console.log(err);
            res.status(400).send(`Webhook Error: ${err.message}`);
            return;
        }

        // Handle the event
        switch (event.type) {
            case 'checkout.session.async_payment_failed':
                const checkoutSessionAsyncPaymentFailed = event.data.object;
                // Then define and call a function to handle the event checkout.session.async_payment_failed
                break;
            case 'checkout.session.async_payment_succeeded':
                const checkoutSessionAsyncPaymentSucceeded = event.data.object;
                // Then define and call a function to handle the event checkout.session.async_payment_succeeded
                break;
            case 'checkout.session.completed':
                const checkoutSessionCompleted = event.data.object;
                // Then define and call a function to handle the event checkout.session.completed
                break;
            case 'checkout.session.expired':
                const checkoutSessionExpired = event.data.object;
                // Then define and call a function to handle the event checkout.session.expired
                break;
            // ... handle other event types
            default:
                console.log(`Unhandled event type ${event.type}`);
        }

        // Return a 200 response to acknowledge receipt of the event
        res.send();
    });

module.exports = { webHookRouter, router };
```
raw hound
#

I think the problem doesn't come from the fact that I use express.json, I think I solved this
Now I have this error

message: 'No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? 

I tried some things with the body, like adding .toString(), but it doesn't seem to work either

serene kiln
#

You definitely should never use toString() or anything like this.
For signature verification to work, we need the exact same payload we sent you. Anything that "tampers" with that payload, even adding extra spaces or commas, will make the verification fail
That's what this GitHub issue is all about: having numerous potential solutions depending on your own setup

raw hound
#

I'm gonna look again at the GitHub issue
I know I shouldn't ^^ but I was like, well maybe it will work that way 😂

serene kiln
#

yeah everyone thinks that which is fair. This feature is great but so damn hard to use with Node.js

#

Express tries to be helpful and goes "omg it's JSON, let me be nice and deserialize it for them" which is awesome in almost all cases except that one

#

and so now you have to play a game of guessing which magic incantation in that issue will solve the problem for you

#

we tried many things but it seems to be so specific to your environment, the best we can do is have that list (and new devs add theirs when they come up with one)

raw hound
#

Yeah that's true haha, I have a lot of routes, everything works just fine but this one ^^

#

I'll tell you if I find something to solve my problem! ^^

serene kiln
#

great!

raw hound
#

Oh also, I forgot to mention that, it might have its importance

#

I'm still on a dev env

#

So to expose my API, I use ngrok

#

That's the URL that I gave to create my webhook endpoint

#

It receives the requests fine, but maybe ngrok does something that makes the requests fail

serene kiln
#

No, ngrok just forwards, it's the tool most of us used before

#

I have to run but if you have more questions my colleague is in this thread to help