MeInTheMatrix | Stripe Developers | Page 1

prime warrenBOT Jul 13, 2023, 10:42 PM

#

gleaming cypress Jul 13, 2023, 10:43 PM

#

Hello! That usually happens when you're either using the wrong Webhook Signing Secret, or when you're not passing the raw body of the incoming request to the event creation method.

#

Can you post your code in this thread instead of the main channel please?

balmy wraith Jul 13, 2023, 10:44 PM

#

Did you check out my code? thank tho

#

app.post("/webhook", express.raw({ type: "application/json" }), async (req, res) => {
  const sig = req.headers["stripe-signature"];
  const rawBody = req.body.toString('utf8');

  try {
    const event = stripe.webhooks.constructEvent(
      rawBody,
      sig,
      process.env.STRIPE_WEBHOOK_SECRET
    );

    // Handle the event based on its type
    switch (event.type) {
      case "checkout.session.completed":
        // Handle the successful completion of a checkout session
        const session = event.data.object;
        const order = await Order.findById(session.client_reference_id);
        order.status = "Paid";
        order.address = session.shipping.address;
        await order.save();
        break;
      // Add more cases to handle other webhook events as per your requirements
      default:
        console.log(`Unhandled event type: ${event.type}`);
    }

    res.sendStatus(200);
  } catch (err) {
    console.error(err);
    return res.status(400).send(`Webhook Error: ${err.message}`);
  }
});

#

I need help man

#

my Webhook Signing Secret is correct

gleaming cypress Jul 13, 2023, 10:46 PM

#

This is almost certainly not providing the raw body: const rawBody = req.body.toString('utf8');

#

Node middleware will often alter the body of the request before this code would run. Basically you need to extract a raw copy of the request early in the process before most or all other middleware runs.

balmy wraith Jul 13, 2023, 10:47 PM

#

I also tried JSON.stringify

#

but didn't work

gleaming cypress Jul 13, 2023, 10:48 PM

#

Yeah, you don't want to modify it at all. JSON.stringify modifies it.

#

You need the raw, unaltered, unparsed body.

#

There are several potential solutions in this thread: https://github.com/stripe/stripe-node/issues/341

#

Unfortunately there isn't a single "this always works" method when using Node.

balmy wraith Jul 13, 2023, 10:48 PM

#

Im on localhost btw

#

I will check the thread and see thanks

gleaming cypress Jul 13, 2023, 10:50 PM

#

One thing: if you're on localhost that means you're using stripe listen to forward the Events, correct?

balmy wraith Jul 13, 2023, 10:51 PM

#

yeah

#

stripe listen --forward-to localhost:3001/webhook

gleaming cypress Jul 13, 2023, 10:53 PM

#

Just want to be sure you're using the secret Stripe CLI is providing when you run that command, right?

#

The one where it says something like > Ready! You are using Stripe API Version [2020-08-27]. Your webhook signing secret is whsec_•••, you're using that whsec_ secret in your code?

balmy wraith Jul 13, 2023, 10:54 PM

#

yes

#

the secret is alright same secret from the dashboard

#

man this issue been bothering me for 2 days

#

is express.json() middlware causing this issue?

gleaming cypress Jul 13, 2023, 10:58 PM

#

Probably.

balmy wraith Jul 13, 2023, 10:59 PM

#

so what should I do ?

#

I'm using it globally for my other routes

gleaming cypress Jul 13, 2023, 11:00 PM

#

Add middleware before that which creates a raw copy of the body before any other middleware runs.

#

Then use that raw body for signature verification.

#MeInTheMatrix