#gaara3600

raven cedarBOT
red stream
#

Yeah, that's a common issue. Likely you have some middleware that altered the request body before it reached the signature verification logic.

twin arrow
#

this is my app file

import env from "dotenv";
import express from "express";
import cookieParser from "cookie-parser";
import cors from "cors";
import morgan from "morgan";
env.config();

const app = express();

// Use JSON parser for all non-webhook routes
app.use((req, res, next) => {
  if (req.originalUrl === "/api/payment") {
    next();
  } else {
    express.json()(req, res, next);
  }
});

app.use(express.urlencoded({ extended: true }));

this is my payment route
router.post("/", express.raw({ type: "application/json" }), postPaymentHook);

working fine in the development environment but not in production

red stream
#

Can you try the suggestions in the issue? There were a few suggestions that worked for people

twin arrow
#

sure let me try

twin arrow
#

i have tried several methods but having the same issue

#

I have deployed the site to aws eks

#

@red stream

red stream
#

Um how is the production different to your test env?

twin arrow
#

nothing much, only some credentials, everything else is the same

red stream
#

Both are AWS EKS?

twin arrow
#

no development is on local machine

#

i have logged the
header signature and the body
their values are also correct
{
host: 'localhost:5000',
'user-agent': 'Stripe/1.0 (+https://stripe.com/docs/webhooks)',
'content-length': '2866',
accept: '*/*; q=0.5, application/xml',
'cache-control': 'no-cache',
'content-type': 'application/json; charset=utf-8',
'stripe-signature': 't=1706077765,v1=6d9ecd5f0fb546ad935e5c19411371f6ad3522e9b8a92cd3d444f1bb1c1686ed,v0=11749080686592dbd1647acf6fa011796bd8abd3f3e438a99b3c62b8b8d01137',
'accept-encoding': 'gzip'
}
<Buffer 7b 0a 20 20 22 69 64 22 3a 20 22 65 76 74 5f 31 4f 62 7a 78 68 4a 72 45 45 78 72 67 6b 36 41 56 57 4a 4a 43 69 6c 6b 22 2c 0a 20 20 22 6f 62 6a 65 63 ... 2816 more bytes>

red stream
#

Something on AWS should have altered it

twin arrow
#

on aws i am also getting the correct logs

red stream
#

Can you set up a Body Mapping Template?

#

Something like this

twin arrow
#

this is the log from aws

{
'x-forwarded-for': '*******',
'x-forwarded-proto': 'https',
'x-forwarded-port': '443',
host: 'neuralcords.ai',
'x-amzn-trace-id': '*******',
'content-length': '2866',
'content-type': 'application/json; charset=utf-8',
'cache-control': 'no-cache',
'user-agent': 'Stripe/1.0 (+https://stripe.com/docs/webhooks)',
accept: '*/*; q=0.5, application/xml',
'stripe-signature': 't=1706078389,v1=725e484f5b9ac32128c4345f2c6ae9f929a346cad2437402ce5e26008c246c59,v0=a29f6b32c02db8b94919929c76c7058dbdc684712aea2cd42ded2abb7064635d'
}
<Buffer 7b 0a 20 20 22 69 64 22 3a 20 22 65 76 74 5f 31 4f 63 30 37 6c 4a 72 45 45 78 72 67 6b 36 41 4c 4a 63 74 58 38 36 42 22 2c 0a 20 20 22 6f 62 6a 65 63 ... 2816 more bytes>
Webhook Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing

twin arrow
red stream
#

Yeah. But hey, before talking about Amazon, can you try hosting with a different hosting provider? Let's see if that's only Amazon

#

a real server, not your local machine

twin arrow
#

mmmm let me check

#

but it requires a lot of modifications, the docker file is set for the deployment on only aws

#

any other workaround ?

red stream
#

uhm that would probably need the Body Mapping template above

twin arrow
#

can you guide on setting up the body mapping template

red stream
#

Wait are you using lambda, or just an eks server?

twin arrow
#

eks server

red stream
#

Um okie, can you share the code you are using to verify signature?

twin arrow
#

export const postPaymentHook = asyncHandler(async (req, res) => {
  // req.body must be the raw Buffer from express.raw(), not parsed JSON
  const sig = req.headers["stripe-signature"];

  let event;
  try {
    event = stripe_obj.webhooks.constructEvent(
      req.body,
      sig,
      process.env.STRIPE_WEBHOOK_SECRET
    );
  } catch (err) {
    console.log(`Webhook Error: ${err.message}`);
    return res.status(404).send(`Webhook Error: ${err.message}`);
  }

  switch (event.type) {
    case "checkout.session.completed": {
      const checkoutSession = event.data.object;
      const {
        client_reference_id, // orderId
        payment_status,
        payment_intent,
        created,
        total_details,
      } = checkoutSession;

      console.log(payment_status);

      break;
    }
    // ... handle other event types
    default:
      // log the event type rather than the whole event object
      console.log(`Unhandled event type ${event.type}`);
  }

  res.send().end();
});

red stream
#

req.body can you compare your local and your aws eks?

twin arrow
#

both are same as shared above

#

getting this on logging the body
<Buffer 7b 0a 20 20 22 69 64 22 3a 20 22 65 76 74 5f 31 4f 63 30 37 6c 4a 72 45 45 78 72 67 6b 36 41 4c 4a 63 74 58 38 36 42 22 2c 0a 20 20 22 6f 62 6a 65 63 ... 2816 more bytes>

red stream
#

not using bodyParser?

twin arrow
#

using it
app.use((req, res, next) => {
  if (req.originalUrl === "/api/payment") {
    next();
  } else {
    express.json()(req, res, next);
  }
});

app.use(express.urlencoded({ extended: true }));

this is my payment route
router.post("/", express.raw({ type: "application/json" }), postPaymentHook);

red stream
#

Hmm okie not sure what is causing this then

#

One moment

twin arrow
#

I am also confused
payment is also successful, only the hook is not working

#

one thing more
I am using the test secret key in the production

red stream
#

What does that mean?

twin arrow
#

i am using the test account credentials in the production environment

#

i am using the test mode in production as well

red stream
#

Yes, but do you use the correct webhook secret from your Dashboard?

#

for your configured URL in AWS EKS?

twin arrow
#

yes

red stream
#

The neuralcord.ai one, right?

twin arrow
#

yes

warped moss
#

The sequence of middleware matters for Express.js. The problem is probably occurring because you're calling express.json()(req, res, next); before it enters your route where you use express.raw({ type: "application/json" }). Maybe try commenting out express.json()(req, res, next); and see if that works.

twin arrow
#

I have set this up before

// Use JSON parser for all non-webhook routes
app
  .use((req, res, next) => {
    if (req.originalUrl === "/api/payment/stripe-webhook") {
      next();
    } else {
      express.json()(req, res, next);
    }
  })
  .use(express.urlencoded({ extended: true }));

then my route

router.post("/stripe-webhook", express.raw({ type: "*/*" }), postPaymentHook);

warped moss
#

From the code snippet that you've pasted, the URL/paths are different. /api/payment/stripe-webhook is not the same as /stripe-webhook unless you're doing something special. Can you try commenting out express.json()(req, res, next); anyway and see what happens?

twin arrow
#

that is nested route
I will try removing it

warped moss
#

i would also try commenting out .use(express.urlencoded({ extended: true }))

twin arrow
#

still same

warped moss
#

to clarify, it works locally? and then it doesn't work in production (aws)?

twin arrow
#

yes

#

the payment is also successful
the api secret, webhook secret, body, signature everything in the logs is as accurate as local development

warped moss
#

ah, okay, sorry, that's likely not a code issue then, you'll want to uncomment that code again

#

did you change/update your webhook secret? I'm assuming you set up a different endpoint for production. Every endpoint has a different webhook secret.

#

it looks like you were using the CLI to forward webhooks previously. The CLI webhook secret is different from the webhook endpoint secret that is set up in the Dashboard

twin arrow
#

on production i am using different webhook secret

#

the one that is generated for the production endpoint

warped moss
#

since you've confirmed that the webhook secret is correct (make sure you log it during runtime and that the last 4 matches your production webhook secret), the only other possibility that I can think of is how AWS is configured. It's not something that I'm familiar with, but can you try searching online for how to configure your AWS to return the raw response body and try out a few possible solutions?

twin arrow
#

everything is correct
I will look for some other solutions

#

if you find anything let me know
or in your support team who is expert on this
kindly add him here

warped moss
#

can you paste the last 4 of your webhook secret logged during runtime in production and share your account id so that we can verify too?