#gebna_webhooks

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1399775588310450246

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

here's my code:

export const POST: RequestHandler = async ({ request, platform }) => {
    const payload = Buffer.from(await request.arrayBuffer());
    const signature = request.headers.get('stripe-signature');
    if (!signature) return new Response('Missing signature', { status: 400 });
    const stripe = getStripe();

    let event: Stripe.Event;
    try {
        event = stripe.webhooks.constructEvent(payload, signature, env.SECRET_STRIPE_WEBHOOK);
    } catch (_err) {
        logger({ message: 'Bad signature', _err });
        return new Response('Bad signature', { status: 400 });
    }

    if (event.type === 'checkout.session.completed') {
        
    }

    return new Response(undefined, { status: 200 });
};

hi there, normally this kind of problem occurs when there's some middleware that is parsing the raw request body before it arrives at your handler https://docs.stripe.com/webhooks/signature#check-the-request-body you might check to see if there's some setting that would affect this

@fresh falcon thanks for the prompt resposne. Is there a way for me to make sure that is the problem ? Why is the error empty ?

I'm asking since that was my first suspect and I made sure I'm getting the raw body by consuming the arrayBuffer. So this shouldn't be the problem

what error are you referring to? from the try catch?

yes, the try catch here:

try {
        event = stripe.webhooks.constructEvent(payload, signature, env.SECRET_STRIPE_WEBHOOK);
    } catch (_err) {
        logger({ message: 'Bad signature', _err });
        return new Response('Bad signature', { status: 400 });
    }

that's very odd that the error is empty. normally it should say something like this if the event can't be parsed https://docs.stripe.com/webhooks/signature#:~:text=Webhook signature verification failed. does _err have any kind of structure to it? any attributes at all?

No properties, just an empty object.

👋 stepping in

Do you have an Event ID that you can share that you are testing with?

evt_1RqCm9PHWeKZo0VAWprMZWrG

This is the event of a real successful transaction

Okay yeah so your endpoint is returning a 400 with Bad signature. ..

Can you log out the payload and signature here?

Also I'd recommend doing this all in test mode here first.

Everything works in test mode. This behaviour only hapenned when I went to prod 😂

I can't send the request body here because of discord character limit

Oh hmm that's strange

I'll send you the signature momentarilly. I'll put the json payload in a file and send it as well.

Have you double checked the key you are using?

yes.

And the secret

I'll replace them for the fifth time. Just to make sure.

I'll replace them redeploy and retry the webhook

I made sure. All the tokens are correct

Okay and same error and do you have an Event ID and did you log out the payload/signature?

Even if you could just log/provide the first bit of the payload

"{"signature":"t=1753807498,v1=ae338e1443ee719e5dceddab6e333973bc4a8ee42616d5b710ae3625f262197c","payload":{"type":"Buffer","data":[123,10,32,32,34,105,100,34,58,32,34,101,118,116,95,49,82,113,67,109,57,80,72,87,101,75,90,111,48,86,65,87,112,114,77,90,87,114,71,34,44,10,32,32,34,111,98,106,101,99,116,34,58,32,34,101,118,101,110,116,34,44,10,32,32,34,97,112,105,95,118,101,114,115,105,111,110,34,58,32,34,50,48,50,53,45,48,54,45,51,48,46,98,97,115,105,108,34,44,10,32,32,34,99,114,101,97,116,101,100,34,58,32,49,55,53,51,55,57,50,54,50,49,44,10,32,32,34,100,97,116,97,34,58,32,123,10,32,32,32,32,34,111,98,106,101,99,116,34,58,32,123,10,32,32,32,32,32,32,34,105,100,34,58,32,34,99,115,95,108,105,118,101,95,97,49,115,75,102,120,51,97,71,85,109,83,76,85,80,65,83,97,121,99,108,57,65,80,87,48,56,66,71,53,111,112,76,71,102,86,66,98,122,111,110,57,55,66,80,106,53,108,112,85,70,55,88,89,72,78,68,67,34,44,10,32,32,32,32,32,32,34,111,98,106,101,99,116,34,58,32,34,99,104,101,99,107,111,117,116,46,115,101,115,115,105,111,110,34,44,10,32,32,32,32,32,32,34,97,100,97,112,116,105,118,101,95,112,114,105,99,105,110,103,34,58,32,123,10,32,32,32,32,32,32,32,32,34,101,110,97,98,108,101,100,34,58,32,116,114,117,101,10,32,32,32

the signature and the first bits of the payload

@sinful mirage sorry for the delay

All good! Can you provide the corresponding Event ID for that?

is that what you need ?

The evt_xxx

does it change across webhook invocations ?

evt_1RqCm9PHWeKZo0VAWprMZWrG

Ah you are just replaying the same one, didn't realize that.

Yes. I'm resending the webhook that didn't recieve a 200

Hmm yeah I mean that log looks fine. The signature matches what I see on my end so really don't think the signautre is the issue.

It is really strange that you wouldn't receive an error message here...

Litterally empty

"Bad Signature" is written by me.

Yep

Can you run a test where you change that error message?

I don't understand

try {
        logger({ signature, payload });
        event = stripe.webhooks.constructEvent(payload, signature, env.SECRET_STRIPE_WEBHOOK);
    } catch (_err) {
        logger({
            message: 'Bad signature',
            _err,
            errortype: typeof _err,
            props: Object.entries(_err as object),
        });
        return new Response('Bad signature', { status: 400 });
    }

what should I change ?\

Like let's try:

try {
        event = stripe.webhooks.constructEvent(payload, signature, env.SECRET_STRIPE_WEBHOOK);
    } catch (_err) {
        logger({ message: 'Bad signature test', _err });
        return new Response('Bad signature test', { status: 400, err: _err });
    }

Sure

I can't return err in the response

Because of the typing?

Can you stringify and append to the error string?

return new Response(_err, { status: 400, statusText: 'Bad signature test' });

deploying

I fired them @sinful mirage nothing changes

I see an actual error though

Error: SubtleCryptoProvider cannot be used in a synchronous context.
Use `await constructEventAsync(...)` instead of `constructEvent(...)`

So we are getting somewhere!

Now to figure that out...

It doesn't return a promise!

should I await regardless ? 😂

Hmm I guess we should try that... but yeah you shouldn't need to.

One sec, let me dig for a second.

Hmmm maybe https://github.com/stripe/stripe-node/issues/1942 will help

take your time

Are you using Cloudflare?

https://github.com/stripe-samples/stripe-node-cloudflare-worker-template/blob/main/src/index.js

Looks like that example does:

  const event = await stripe.webhooks.constructEventAsync(
            body,
            signature,
            STRIPE_WEBHOOK_SECRET
        );

Let's try that?

Same error 😐

What about your side ?

Shite sorry

I missed constructEventAsync

I'll retry

It worked

🎉

Thank you so much man constructEventAsync was it

Wahoo

Glad it is working

thank you again. I really appreciate it.

Very surprised this didn't error in test mode as well but 🤷‍♂️

Happy to help!

I believe my local environment runs on node.js, my deployment is workerd.
different javascript runtimes. might be the reason 🤷‍♂️

Ah! Yep that makes sense then.