Javascript 使用HMAC sha256和base64编码请求正文
如何使用HMAC sha 256和base64对请求正文进行编码 我从xero webhook接收的请求对象Javascript 使用HMAC sha256和base64编码请求正文,javascript,node.js,sha256,hmac,xero-api,Javascript,Node.js,Sha256,Hmac,Xero Api,如何使用HMAC sha 256和base64对请求正文进行编码 我从xero webhook接收的请求对象 HEADER: "x-xero-signature" : HASH_VALUE PAYLOAD: { "events": [], "lastEventSequence": 0, "firstEventSequence": 0, "entropy&qu
HEADER:
"x-xero-signature" : HASH_VALUE
PAYLOAD:
{
"events": [],
"lastEventSequence": 0,
"firstEventSequence": 0,
"entropy": "S0m3r4Nd0mt3xt"
}
xero文档中的注释说:“如果使用HMACSHA256对负载进行哈希处理,并使用webhook签名密钥和base64编码,那么它应该与标头中的签名相匹配。这是一个正确签名的负载。如果签名与哈希后的负载不匹配,则是一个错误签名的负载。”
我举了一个例子:
嘿,我最近在Xero上做了一个关于实现webhooks的讨论,如果这能让你摆脱困境,请告诉我。我发现,试图以您所采用的方式在路由上传递itrBodyParser对我来说不起作用,因此我在特定的webhooks端点上使用app.use语句进行了切换。如果你更喜欢书面指南而不是视频,下面是我用这个解决方案解决的问题。!我使用的是express framework,请求也不是原始请求。的toString没有像xero文档中提到的那样工作
const server = http.createServer(async (req, resp) => {
try {
console.log(`::::Webhook::: ${webhookPort}`);
console.log("::::x-xero-signature:::");
console.log(req.headers["x-xero-signature"]);
console.log(`--------------------------------------`);
if (req.method === "POST") {
if(req.headers["x-xero-signature"]){
const rData = await new Promise((resolve, reject) => {
return collectRequestData(req, (result) => {
console.log(result);
let hmac = crypto
.createHmac("sha256", xero_webhook_key)
.update(result)
.digest("base64");
console.log("Resp Signature: ", hmac);
return resolve({
hmac,result
});
});
});
console.log(">>Resp Signature: ", rData);
console.log('>>x-xero-signature:::',req.headers["x-xero-signature"]);
if(rData.result){
const result = JSON.parse(rData.result);
console.log('result:::',result);
for(let { resourceId } of result.events) {
console.log('::INVOICE ID = ',resourceId);
getInvoiceData(resourceId);
}
}
if(rData.hmac == req.headers["x-xero-signature"] ){
console.log('::YES');
resp.statusCode = 200;
}else{
console.log('::NO');
resp.statusCode = 401;
}
}
resp.end();
}
console.log("::::Webhookgetsssss:::");
resp.message = 'Get API'
resp.end();
} catch (error) {
resp.statusCode = 200;
resp.end();
}
});
server.listen(webhookPort);
function collectRequestData(request, callback) {
let body = "";
request.on("data", (chunk) => {
body += chunk.toString();
});
request.on("end", () => {
callback(body);
});
}
我试过同样的方法,也试过类似的方法。我刚刚发布了对我有效的解决方案。request.payload.toString()或body.toString()对我无效。
const server = http.createServer(async (req, resp) => {
try {
console.log(`::::Webhook::: ${webhookPort}`);
console.log("::::x-xero-signature:::");
console.log(req.headers["x-xero-signature"]);
console.log(`--------------------------------------`);
if (req.method === "POST") {
if(req.headers["x-xero-signature"]){
const rData = await new Promise((resolve, reject) => {
return collectRequestData(req, (result) => {
console.log(result);
let hmac = crypto
.createHmac("sha256", xero_webhook_key)
.update(result)
.digest("base64");
console.log("Resp Signature: ", hmac);
return resolve({
hmac,result
});
});
});
console.log(">>Resp Signature: ", rData);
console.log('>>x-xero-signature:::',req.headers["x-xero-signature"]);
if(rData.result){
const result = JSON.parse(rData.result);
console.log('result:::',result);
for(let { resourceId } of result.events) {
console.log('::INVOICE ID = ',resourceId);
getInvoiceData(resourceId);
}
}
if(rData.hmac == req.headers["x-xero-signature"] ){
console.log('::YES');
resp.statusCode = 200;
}else{
console.log('::NO');
resp.statusCode = 401;
}
}
resp.end();
}
console.log("::::Webhookgetsssss:::");
resp.message = 'Get API'
resp.end();
} catch (error) {
resp.statusCode = 200;
resp.end();
}
});
server.listen(webhookPort);
function collectRequestData(request, callback) {
let body = "";
request.on("data", (chunk) => {
body += chunk.toString();
});
request.on("end", () => {
callback(body);
});
}