node.js – WooCommerce Webhooks Auth (secret & signature) – how to use

Category: Node.js · Published: 6 years ago

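Summary: translated from: https://stackoverflow.com/questions/48135995/woocommerce-webhooks-auth-secret-signature-how-to-use

I'm trying to create an integration between the WooCommerce Webhook API and my Node.js backend. However, I can't figure out how I'm supposed to use the secret to authenticate the request.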

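secret: an optional secret key that is used to generate an HMAC-SHA256 hash of the request body so the receiver can verify the authenticity of the webhook.

X-WC-Webhook-Signature: a Base64-encoded HMAC-SHA256 hash of the payload.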

WooCommerce backend:

(Hemmelighed = "Secret")

Node.js backend:

var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

router.post('/', function (req, res) {
    var secret = 'ciPV6gjCbu&efdgbhfgj&¤"#&¤GDA';
    var signature = req.header("x-wc-webhook-signature");
    var hash = CryptoJS.HmacSHA256(req.body, secret).toString(CryptoJS.enc.Base64);

    if(hash === signature){
        res.send('match');
    } else {
        res.send("no match");
    }

});

Source: https://github.com/woocommerce/woocommerce/pull/5941

WooCommerce REST API source

The hash and the signature do not match. What is wrong?

Update:

console.log returns these values:

hash: pU9kXddJPY9MG9i2ZFLNTu3TXZA 85pnwfPqMr0dg0 =

signature: PjKImjr9Hk9MmIdUMc pEmCqBoRXA5f3Ac6tnji7exU =

hash (without .toString(CryptoJS.enc.Base64)): a54f645dd7493d8f4c1bd8b66452cd4eedd35d903efbce699f07cfa8caf4760d

The signature needs to be checked against the body and not the JSON it contains, i.e. the raw bytes of the req.body.

First, modify the bodyParser:

const rawBodySaver = (req, res, buf, encoding) => {
  if (buf && buf.length) {
    req.rawBody = buf.toString(encoding || 'utf8');
  }
};

app.use(bodyParser.json({ verify: rawBodySaver }));
app.use(bodyParser.urlencoded({ verify: rawBodySaver, extended: true }));
app.use(bodyParser.raw({ verify: rawBodySaver, type: '*/*' }));

Then, use crypto (it is distributed with Node; you don't need to npm install anything).

import crypto from 'crypto'; //Let's try with built-in crypto lib instead of cryptoJS

router.post('/', function (req, res) {
  const secret = 'ciPV6gjCbu&efdgbhfgj&¤"#&¤GDA';
  const signature = req.header("X-WC-Webhook-Signature");

  const hash = crypto.createHmac('SHA256', secret).update(req.rawBody).digest('base64');

  if(hash === signature){
    res.send('match');
  } else {
    res.send("no match");
  }
});
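
An added example (not part of the original post or of WooCommerce) showing why the HMAC has to be computed over the raw request bytes: re-serializing the parsed JSON produces different bytes, so the check fails. The secret, the payload and the helper names (`sign`, `verifyWebhook`, `reserialize`) are constructed for illustration, and the comparison uses `crypto.timingSafeEqual` instead of `===`.

```javascript
const crypto = require('crypto');

// Constructed sample values, not taken from the page.
const SECRET = 'example-webhook-secret';
// JSON as a PHP sender may emit it: escaped slashes and a \u escape.
const RAW_BODY = Buffer.from(
  '{"id":42,"url":"https:\\/\\/shop.example\\/o\\/42","name":"Caf\\u00e9"}', 'utf8');

// Base64 HMAC-SHA256 over the exact bytes given.
function sign(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
}

// True only if headerValue is the signature of rawBody under secret.
function verifyWebhook(rawBody, headerValue, secret) {
  // Reject a missing header or a body that is no longer raw bytes.
  if (typeof headerValue !== 'string' || !Buffer.isBuffer(rawBody)) return false;
  const expected = Buffer.from(sign(rawBody, secret), 'base64');
  const received = Buffer.from(headerValue, 'base64');
  // timingSafeEqual throws on unequal lengths, so check that first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// What a handler has after a JSON body parser ran: an object, serialized again.
function reserialize(rawBody) {
  const parsed = JSON.parse(rawBody.toString('utf8'));
  return Buffer.from(JSON.stringify(parsed), 'utf8');
}

// The value the sender would place in X-WC-Webhook-Signature.
const SIGNATURE = sign(RAW_BODY, SECRET);

console.log('raw bytes      :', verifyWebhook(RAW_BODY, SIGNATURE, SECRET));
console.log('parsed + dumped:', verifyWebhook(reserialize(RAW_BODY), SIGNATURE, SECRET));
console.log('missing header :', verifyWebhook(RAW_BODY, undefined, SECRET));
```

The second call fails because `JSON.stringify` writes `/` and `é` unescaped, so the bytes no longer match what the sender signed.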
