[英]Stripe Webhook Signature Checks - Node js - IBM Functions / OpenWhisk
There is some kind of encoding issue when I try to verify the signature for a Stripe Webhook.当我尝试验证 Stripe Webhook 的签名时,存在某种编码问题。 I know it's not an issue with the Stripe package itself because I get different signatures when trying to manually hash the body data and compare the HMAC-SHA256 signature with the signature from Stripe in the headers.
我知道这不是 Stripe package 本身的问题,因为我在尝试手动 hash 正文数据并将 HMAC-SHA256 签名与标头中来自 Stripe 的签名进行比较时得到不同的签名。 I have tried so many different things to so many different parts, that it's possible I have had multiple mistakes.
我对这么多不同的部分尝试了这么多不同的东西,以至于我可能有多个错误。
You're not able to see here, but the IBM Cloud Function has been set to pass raw HTTP data, and that's why you see the decoding function being used.您在这里看不到,但 IBM Cloud Function 已设置为传递原始 HTTP 数据,这就是您使用解码 function 的原因。
The webhook is successful without verifying the signatures. webhook 成功,无需验证签名。
The error generated by the Stripe event function is, “No signatures found matching the expected signature for payload. Stripe 事件 function 生成的错误是“未找到与有效负载的预期签名匹配的签名。 Are you passing the raw request body you received from Stripe?”
你是否传递了从 Stripe 收到的原始请求正文?”
Note: Errors are not handled correctly here while trying to debug this issue.注意:尝试调试此问题时,此处未正确处理错误。
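// Stripe client and Node's crypto module. Both secrets below are redacted placeholders.
// NOTE(review): in a deployed action, supply the API key and the signing secret from
// outside the source (for example bound action parameters or a secret store) so they
// never land in version control or in a pasted listing.
const stripe = require('stripe')('sk_test_********');
const crypto = require('crypto');
// tried with the CLI secret and the one from the dashboard.
// NOTE(review): the signing secret printed by the Stripe CLI and the one shown for a
// dashboard endpoint are different values; the secret used here has to be the one that
// belongs to whichever of the two is actually delivering the event.
const endpointSecret = 'whsec_****';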
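// Convert the stripe signature in string format to a JSON object
/**
 * Parse a comma-separated list of `key=value` elements (the layout of the
 * `stripe-signature` header) into a plain object.
 *
 * When a key occurs more than once (for example several `v1` entries), only the
 * last value is kept, so the result is suitable for inspection and debugging,
 * not as a replacement for the library's own verification.
 *
 * @param {string} data - Raw header value, e.g. `t=...,v1=...`.
 * @returns {Object<string, string|undefined>} One property per element; an
 *   element without `=` maps its text to `undefined`.
 * @throws {TypeError} If `data` is not a string (for example a missing header).
 */
function sig_conversion(data){
  // Fail with a clear message instead of "cannot read properties of undefined"
  // when the header is absent from the request.
  if (typeof data !== 'string') {
    throw new TypeError('stripe-signature header must be a string');
  }
  const sig_obj = {};
  for (const element of data.split(',')) {
    const [key, value] = element.split('=');
    sig_obj[key] = value;
  }
  return sig_obj;
}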
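/**
 * Decode the base64 text in `args.__ow_body` into the raw request bytes.
 *
 * The result is kept as a Buffer (the original's `.toString('utf-8')` stays
 * disabled) so that later code can work with the bytes exactly as decoded.
 *
 * @param {{__ow_body: string}} args - Action parameters carrying the base64 body.
 * @returns {{body: Buffer}} Object whose `body` is the decoded Buffer.
 * @throws {TypeError} Raised by `Buffer.from` when `__ow_body` is undefined.
 */
function decode(args) {
  // Buffer.from is a factory function, not a constructor, so it is called without `new`.
  const rawBody = Buffer.from(args.__ow_body, 'base64'); //.toString('utf-8')
  return { body: rawBody };
}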
// Action entry point from the question: reads the stripe-signature header, decodes the
// raw body, computes an HMAC by hand for comparison, then asks the Stripe library to
// verify the event. The listing is cut off after the try block.
function main(params){
//let sig = sig_conversion(params.__ow_headers['stripe-signature']);
// Raw header string, handed to the Stripe library unchanged.
let sig = params.__ow_headers['stripe-signature']
// Parsed copy of the same header, used only by the manual HMAC check below.
let signature = sig_conversion(params.__ow_headers['stripe-signature']);
//console.log(222, signature);
var data = decode(params);
let event;
// Trying to see the result from manually checking the signatures.
// data.body is a Buffer, so the "+" below converts it to a string before joining.
// NOTE(review): Stripe documents the signed payload as timestamp + "." + body; this line
// builds body + "." + timestamp, so the digest would differ even with intact bytes — confirm
// against the Stripe webhook documentation.
var signed_payload = data.body + "." + signature.t
var hmac = crypto.createHmac('sha256', endpointSecret);
var hmac_sig = hmac.update(signed_payload);
var gen_hmac= hmac_sig.digest('hex');
// NOTE(review): debugging output; it writes the computed HMAC and the received signature
// to the action log and should be removed once the check works.
console.log(gen_hmac, 222, signature, 444)
try {
// NOTE(review): JSON.parse() hands constructEvent a parsed object instead of the raw request
// body, which fits the "Are you passing the raw request body" error quoted in the question.
event = stripe.webhooks.constructEvent(JSON.parse(data.body), sig, endpointSecret);
//event = JSON.parse(data.body);
}
Here are some steps to help people trying the same thing (some of the steps are general steps not directly related to the problem from above).这里有一些步骤可以帮助人们尝试相同的事情(其中一些步骤是与上述问题没有直接关系的一般步骤)。
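Note: People using Google Cloud Functions or Pub-sub will likely have similar issues with signature verification.注意:使用 Google Cloud Functions 或 Pub-sub 的人可能会遇到类似的签名验证问题。 The key change in the code below is that the decoded raw body is passed to constructEvent as-is, without JSON.parse, so the signature is checked against the body exactly as it was received.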
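/**
 * Turn the base64-encoded `__ow_body` of a raw-HTTP web action into a Buffer.
 *
 * The bytes are returned undecoded (no string conversion, no JSON parsing) so
 * they can be handed to the signature check exactly as they arrived.
 *
 * @param {{__ow_body: string}} args - Action parameters carrying the base64 body.
 * @returns {{body: Buffer}} Object whose `body` is the decoded Buffer.
 * @throws {TypeError} Raised by `Buffer.from` when `__ow_body` is undefined.
 */
function decode(args) {
  // Buffer.from is a factory function; calling it with `new` is unnecessary.
  const decoded = Buffer.from(args.__ow_body, 'base64');
  return { body: decoded };
}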
// Match the raw body to content type application/json
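/**
 * Web action entry point: verify the Stripe signature over the raw request body
 * and dispatch on the event type.
 *
 * @param {Object} params - Action parameters; reads `__ow_headers['stripe-signature']`
 *   and the base64 `__ow_body` (via `decode`).
 * @returns {{body: Object, statusCode: number, headers: Object}} 200 once the event
 *   has been verified, 400 when the request cannot be verified.
 */
function main(params){
  let event;
  try {
    // Header lookup and decoding sit inside the try so that a request without a
    // signature header or body is rejected the same way as a bad signature.
    const sig = params.__ow_headers['stripe-signature'];
    const data = decode(params);
    // The raw Buffer is passed through unparsed: the signature covers the body
    // as received, not a re-serialised object.
    event = stripe.webhooks.constructEvent(data.body, sig, endpointSecret);
  }
  // The rest is the same as the stripe boilerplate code.
  catch (err) {
    // An unverified request must not be acknowledged as delivered. Answering 400
    // keeps forged or corrupted requests from looking like successes; the details
    // go to the action log and are not echoed back to the caller.
    console.error('Stripe webhook signature verification failed:', err.message);
    return {
      body: {error: 'Webhook signature verification failed'},
      statusCode: 400,
      headers: { 'Content-Type': 'application/json'}
    };
  }
  // Handle the event
  switch (event.type) {
    case 'payment_intent.succeeded': {
      // Braces give each case its own scope for the const declaration.
      const paymentIntent = event.data.object;
      console.log('PaymentIntent was successful!')
      break;
    }
    case 'payment_method.attached': {
      const paymentMethod = event.data.object;
      console.log('PaymentMethod was attached to a Customer!')
      break;
    }
    // ... handle other event types
    default:
      // Unexpected event type
      return {
        body: {payload:''},
        statusCode: 200,
        headers: { 'Content-Type': 'application/json'}
      };
  }
  // Return a response to acknowledge receipt of the event
  return {
    body: {payload:''},
    statusCode: 200,
    headers: { 'Content-Type': 'application/json'}
  };
}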