保护 uber webhook 不工作
Securing uber webhook not working
出于某种原因我无法完成这项工作
require crypto = require('crypto')
const hmac = crypto.createHmac('sha256', 'clientSecret')
const hash = hmac.update(JSON.stringify(req.body)).digest('hex')
if (hash !== req.header('X-Uber-Signature')) {
return res.json('something is wrong ' + hash + ' ' + req.header('X-Uber-Signature'))
}
return res.json('you got in!')
我正在按照此处的说明进行操作 https://developer.uber.com/docs/riders/guides/webhooks#security
但哈希生成不同的值
也欢迎其他方法。
这是 Python 中用于验证 webhook 的有效实现:
import hmac
import hashlib
# Compute hmac sha256 signature from payload + client secret
digester = hmac.new(
UBER_CLIENT_SECRET,
request.data,
hashlib.sha256
)
# Parse json post data
event = request.get_json(force=True)
# Validate webhook signature for our app
if request.headers.get('X-Uber-Signature') == digester.hexdigest():
pass
我遇到了同样的问题。 Uber 发送 json,在键和值前加空格。像这样
{"event_id": "...", "resource_href": "...", "meta": {"status": "...", "rider_id": "...", "user_id": "...", "resource_id": "..."}, "event_type": "...", "event_time": ...}
您可以在激活 boryparser 之前执行此操作。并根据这些数据创建十六进制
app.use(function (req, res, next) {
let data = "";
req.on('data', function(chunk){data += chunk});
req.on('end', function(){
req.jsonBody = JSON.parse(data);
req.rawBody = data;
req.originalUberReq = data;
});
next();
});
然后
const hash = crypto.createHmac('sha256', secret)
.update(req.originalUberReq)
.digest('hex');
出于某种原因我无法完成这项工作
require crypto = require('crypto')
const hmac = crypto.createHmac('sha256', 'clientSecret')
const hash = hmac.update(JSON.stringify(req.body)).digest('hex')
if (hash !== req.header('X-Uber-Signature')) {
return res.json('something is wrong ' + hash + ' ' + req.header('X-Uber-Signature'))
}
return res.json('you got in!')
我正在按照此处的说明进行操作 https://developer.uber.com/docs/riders/guides/webhooks#security
但哈希生成不同的值
也欢迎其他方法。
这是 Python 中用于验证 webhook 的有效实现:
import hmac
import hashlib
# Compute hmac sha256 signature from payload + client secret
digester = hmac.new(
UBER_CLIENT_SECRET,
request.data,
hashlib.sha256
)
# Parse json post data
event = request.get_json(force=True)
# Validate webhook signature for our app
if request.headers.get('X-Uber-Signature') == digester.hexdigest():
pass
我遇到了同样的问题。 Uber 发送 json,在键和值前加空格。像这样
{"event_id": "...", "resource_href": "...", "meta": {"status": "...", "rider_id": "...", "user_id": "...", "resource_id": "..."}, "event_type": "...", "event_time": ...}
您可以在激活 boryparser 之前执行此操作。并根据这些数据创建十六进制
app.use(function (req, res, next) {
let data = "";
req.on('data', function(chunk){data += chunk});
req.on('end', function(){
req.jsonBody = JSON.parse(data);
req.rawBody = data;
req.originalUberReq = data;
});
next();
});
然后
const hash = crypto.createHmac('sha256', secret)
.update(req.originalUberReq)
.digest('hex');