Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/node.js/38.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Node.js WooCommerce Webhooks Auth(机密和签名)-如何使用_Node.js_Wordpress_Api_Hash_Woocommerce - Fatal编程技术网
Fatal编程技术网
  • node.js/
  • Node.js WooCommerce Webhooks Auth(机密和签名)-如何使用

Node.js WooCommerce Webhooks Auth(机密和签名)-如何使用

node.js wordpress api hash woocommerce

Node.js WooCommerce Webhooks Auth(机密和签名)-如何使用,node.js,wordpress,api,hash,woocommerce,Node.js,Wordpress,Api,Hash,Woocommerce,我正在尝试在和Node.js后端之间创建集成。然而,我真的不知道如何使用这个秘密来验证请求 secret:一个可选密钥,用于生成请求正文的HMAC-SHA256哈希,以便接收方可以验证webhook的真实性 X-WC-Webhook-Signature:Base64编码的有效负载HMAC-SHA256哈希 WooCommerce后端: (Hemmelighed=“秘密”) Nodejs后端: var bodyParser = require('body-parser'); app.use(bo

我正在尝试在和Node.js后端之间创建集成。然而,我真的不知道如何使用这个秘密来验证请求

secret:
一个可选密钥,用于生成请求正文的
HMAC-SHA256
哈希,以便接收方可以验证webhook的真实性

X-WC-Webhook-Signature:
Base64编码的有效负载HMAC-SHA256哈希

WooCommerce后端: (Hemmelighed=“秘密”)

Nodejs后端:

var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

router.post('/', function (req, res) {
    var secret = 'ciPV6gjCbu&efdgbhfgj&¤"#&¤GDA';
    var signature = req.header("x-wc-webhook-signature");
    var hash = CryptoJS.HmacSHA256(req.body, secret).toString(CryptoJS.enc.Base64);

    if(hash === signature){
        res.send('match');
    } else {
        res.send("no match");
    }

});
资料来源:

哈希和签名不匹配。怎么了

更新: 
console.log
返回以下值:

hash
:pu9kxddjpy9mg9i2zflntu3txa++85pnwfPqMr0dg0=

签名
:pjkimjr9hk9mmidum+pEmCqBoRXA5f3Ac6tnji7exU=

散列(不带.toString(CryptoJS.enc.Base64))
:a54f645dd7493d8f4c1bd8b66452cd4eedd35d903efbce699f07cfa8caf4760d

签名需要根据正文而不是它包含的JSON进行检查。i、 e.请求正文的原始字节

首先修改
bodyParser
: 然后,使用(它与节点一起分发,您不需要
npm安装任何东西。)

我希望下面能为大家节省一些时间


// Make sure to add a WISTIA_SECRET_KEY in your Environment Variables
// See https://docs.pipedream.com/environment-variables/
const secret = process.env.SELF_AUTOMATE_KEY;
const signature = event.headers["x-wc-webhook-signature"];
const body = steps.trigger.raw_event["body_b64"];
const clean_Body = body.replace("body_b64: ", "");
//const body = steps.trigger.raw_event;
console.log(event.headers["x-wc-webhook-signature"]);

console.log("Print Body", clean_Body);

if (process.env.SELF_AUTOMATE_KEY === undefined) {
  $end("No WISTIA_SECRET_KEY environment variable defined. Exiting.")
}

if (!("x-wc-webhook-signature" in event.headers)) {
  $end("No x-wc-webhook-signature header present in the request. Exiting.")
}

// Once we've confirmed we have a signature, we want to 
// validate it by generating an HMAC SHA-256 hexdigest
const crypto = require('crypto');

const hash = crypto.createHmac('sha256',
  secret).update(JSON.stringify(clean_Body), 'base64').digest('base64');



console.log(hash);
// $end() ends the execution of a pipeline, presenting a nice message in the "Messages"
// column in the inspector above. See https://docs.pipedream.com/notebook/code/#end
if (hash !== signature) {
  $end("The correct secret key was not passed in the event. Exiting!")
}



您是否正在使用
bodyParser
req.body
不一定是字符串。@fingeron是的,我使用的是bodyParser。我已经更新了代码片段。我尝试了var body=req.body.toString('utf8');同样,但没有帮助。@Unico是否为哈希和签名添加console.log()。(不带toString()的哈希添加带toString())@gokc我已经更新了问题。@gokc很抱歉耽搁了。我还没来得及去看看。我昨天实现了您的解决方案,但出现了一些错误。我没有时间修理这些。今天我将更深入地研究你的答案。你自己测试过吗?谢谢。您需要将请求标头[“”]更改为请求标头(“”)。很抱歉,签名和哈希不匹配。这些是实现缓冲区后的输出:hash:pu9kxddjpy9mg9i2zflntu3txa++85pnwfpqmmr0dg0=signature:2Od/YW7laO4EtqdsO3CvOcXPTIeFCY5qVZdKdWSJcKU=如果我删除bodyparser,req.body就是空的。我已经尝试过将私钥更改为更简单的方式——这也没有帮助。我相信bodyparser是访问主体所必需的;尽管如此,我不确定如何以不同的方式访问它。@Unicco是的,没错,我们需要bodyParser来访问req.body。我已经更新了答案,你能再检查一下吗?特别是,试试第二种方法。谢谢。我会尽快尝试这些方法,并让您知道。

import crypto from 'crypto'; //Let's try with built-in crypto lib instead of cryptoJS

router.post('/', function (req, res) {
  const secret = 'ciPV6gjCbu&efdgbhfgj&¤"#&¤GDA';
  const signature = req.header("X-WC-Webhook-Signature");

  const hash = crypto.createHmac('SHA256', secret).update(req.rawBody).digest('base64');

  if(hash === signature){
    res.send('match');
  } else {
    res.send("no match");
  }
});



// Make sure to add a WISTIA_SECRET_KEY in your Environment Variables
// See https://docs.pipedream.com/environment-variables/
const secret = process.env.SELF_AUTOMATE_KEY;
const signature = event.headers["x-wc-webhook-signature"];
const body = steps.trigger.raw_event["body_b64"];
const clean_Body = body.replace("body_b64: ", "");
//const body = steps.trigger.raw_event;
console.log(event.headers["x-wc-webhook-signature"]);

console.log("Print Body", clean_Body);

if (process.env.SELF_AUTOMATE_KEY === undefined) {
  $end("No WISTIA_SECRET_KEY environment variable defined. Exiting.")
}

if (!("x-wc-webhook-signature" in event.headers)) {
  $end("No x-wc-webhook-signature header present in the request. Exiting.")
}

// Once we've confirmed we have a signature, we want to 
// validate it by generating an HMAC SHA-256 hexdigest
const crypto = require('crypto');

const hash = crypto.createHmac('sha256',
  secret).update(JSON.stringify(clean_Body), 'base64').digest('base64');



console.log(hash);
// $end() ends the execution of a pipeline, presenting a nice message in the "Messages"
// column in the inspector above. See https://docs.pipedream.com/notebook/code/#end
if (hash !== signature) {
  $end("The correct secret key was not passed in the event. Exiting!")
}