
Stripe Webhook Signature Checks - Node js - IBM Functions / OpenWhisk

There is some kind of encoding issue when I try to verify the signature for a Stripe Webhook. I know it's not an issue with the Stripe package itself because I get different signatures when trying to manually hash the body data and compare the HMAC-256SHA signature with the signature from Stripe in the headers. I have tried so many different things to so many different parts, that it's possible I have had multiple mistakes.

You're not able to see it here, but the IBM Cloud Function has been set to pass raw HTTP data, and that's why you see the decoding function being used.

The webhook is successful without verifying the signatures.

The error generated by the Stripe event function is, “No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?”

Note: Errors are not handled correctly here while trying to debug this issue.

const stripe = require('stripe')('sk_test_********');
var crypto = require('crypto');

// tried with the CLI secret and the one from the dashboard.
const endpointSecret = 'whsec_****';

// Convert the stripe signature in string format to a JSON object
function sig_conversion(data){
    var sig_obj = {}
    var data_list = data.split(",").map((x)=>x.split("="));
    var data_json = data_list.map((x)=>{sig_obj[x[0]] = x[1]})
    return sig_obj
}

function decode(args) {
   // Buffer.from is a factory function, so it is called without `new`
   var decoded = Buffer.from(args.__ow_body, 'base64')//.toString('utf-8')
   return {body: decoded}
}

function main(params){

  //let sig = sig_conversion(params.__ow_headers['stripe-signature']);
  let sig = params.__ow_headers['stripe-signature']
  let signature = sig_conversion(params.__ow_headers['stripe-signature']);
  //console.log(222, signature);
  var data = decode(params);

  let event;

  // Trying to see the result from manually checking the signatures.
  var signed_payload = data.body + "." + signature.t
  var hmac = crypto.createHmac('sha256', endpointSecret);
  var hmac_sig = hmac.update(signed_payload);
  var gen_hmac= hmac_sig.digest('hex');
  console.log(gen_hmac, 222, signature, 444)


  try {
    event = stripe.webhooks.constructEvent(JSON.parse(data.body), sig, endpointSecret);
    //event = JSON.parse(data.body);
  } catch (err) {
    // Log the verification error while debugging
    console.log(err.message);
  }
}

Here are some steps to help people trying the same thing (some of the steps are general steps not directly related to the problem from above).

  1. Ensure that web actions are enabled under the Endpoints menu.
  2. Check the option for Raw HTTP handling under the same screen. (Most of the documentation you will see is in relation to using Node.js + Express. The error that people experience in Express is the same, which is that the raw signature data in the header and the body data are needed for verifying the signature. This applies regardless of whether you are using Stripe's package or manually verifying the signatures.)
  3. Process the body data from 'base64' encoding.
  4. If the endpoint secret from the Stripe CLI tool doesn't work, try the one from the dashboard; and vice-versa.

Note: People using Google Cloud Functions or Pub-sub will likely have similar issues with signature verification.

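const stripe = require('stripe')('sk_test_********');
const endpointSecret = 'whsec_****';

// Decode the base64-encoded raw body and keep it as a Buffer (the exact bytes Stripe signed)
function decode(args) {
   var decoded = Buffer.from(args.__ow_body, 'base64')
   return {body: decoded}
}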

// Match the raw body to content type application/json
function main(params){


  let sig = params.__ow_headers['stripe-signature']
  var data = decode(params);

  let event;

  try {
    event = stripe.webhooks.constructEvent(data.body, sig, endpointSecret);
  }

  // The rest is the same as the stripe boilerplate code.
  catch (err) {
    return {
        body: {payload:''},
        statusCode:200,
        headers:{ 'Content-Type': 'application/json'}
      };
  }

  // Handle the event
  switch (event.type) {
    case 'payment_intent.succeeded':
      const paymentIntent = event.data.object;
      console.log('PaymentIntent was successful!')
      break;
    case 'payment_method.attached':
      const paymentMethod = event.data.object;
      console.log('PaymentMethod was attached to a Customer!')
      break;
    // ... handle other event types
    default:
      // Unexpected event type
      return {
        body: {payload:''},
        statusCode:200,
        headers:{ 'Content-Type': 'application/json'}
      };
  }

  // Return a response to acknowledge receipt of the event
   return {
     body: {payload:''},
     statusCode:200,
     headers:{ 'Content-Type': 'application/json'}
   };
};
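
Added example (not part of the original post, and not Stripe's library code): a manual check over the exact bytes the raw-HTTP action receives, showing why a parsed or re-serialised body no longer matches. It assumes Stripe's documented scheme of HMAC-SHA256 over `<timestamp>.<raw body>`; the function names, secret, body and timestamp below are constructed for illustration.

```javascript
const crypto = require('crypto');

// Parse "t=...,v1=...,v1=..." into a timestamp and every v1 signature.
function parseSigHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    const k = part.slice(0, i).trim(), v = part.slice(i + 1).trim();
    if (k === 't') out.t = v;
    else if (k === 'v1') out.v1.push(v);
  }
  return out;
}

// HMAC-SHA256 over "<t>.<raw body bytes>", the payload Stripe signs.
function expectedSig(rawBody, t, secret) {
  return crypto.createHmac('sha256', secret)
    .update(`${t}.`).update(rawBody).digest('hex');
}

// Verify an OpenWhisk raw-HTTP request; returns the parsed event or throws.
function verifyRawAction(params, secret, toleranceSec = 300, nowSec = Math.floor(Date.now() / 1000)) {
  const raw = Buffer.from(params.__ow_body, 'base64'); // exact bytes as sent
  const { t, v1 } = parseSigHeader(params.__ow_headers['stripe-signature']);
  if (!/^\d+$/.test(t || '') || v1.length === 0) throw new Error('malformed signature header');
  if (Math.abs(nowSec - Number(t)) > toleranceSec) throw new Error('timestamp outside tolerance');
  const want = Buffer.from(expectedSig(raw, t, secret), 'hex');
  const ok = v1.some((s) => {
    const got = Buffer.from(s, 'hex');
    return got.length === want.length && crypto.timingSafeEqual(got, want);
  });
  if (!ok) throw new Error('no matching signature');
  return JSON.parse(raw.toString('utf8')); // parse only after verification
}

// Constructed sample request (secret, body and timestamp are made up).
const SECRET = 'whsec_example_constructed';
const BODY = '{\n  "id": "evt_example",\n  "type": "payment_intent.succeeded"\n}';
const T = '1700000000';
const sampleParams = {
  __ow_body: Buffer.from(BODY).toString('base64'),
  __ow_headers: { 'stripe-signature': `t=${T},v1=${expectedSig(BODY, T, SECRET)}` },
};
// Re-serialising the parsed JSON changes the bytes, so the HMAC no longer matches.
const reserialized = JSON.stringify(JSON.parse(BODY));
console.log(verifyRawAction(sampleParams, SECRET, 300, Number(T)).type);
```

A failed check here throws, so the action can answer with a 4xx status instead of acknowledging an unverified request.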
