[英]How SurveyMonkey API creates the hmac?
We are trying to verify that the SurveyMonkey hmac we receive (sm-signature) is correct.我们正在尝试验证我们收到的 SurveyMonkey hmac(sm 签名)是否正确。 To check this we create an hmac and compare it to SurveyMonkey's hmac.
为了检查这一点,我们创建了一个 hmac 并将其与 SurveyMonkey 的 hmac 进行比较。
We create the hmac as follows (we are working with nodejs):我们按如下方式创建 hmac(我们正在使用 nodejs):
let bodyString = JSON.stringify(req.body);
let body = Buffer.from(bodyString, "ascii");
let apiClientId = Buffer.from(surveyMonkeyClientId, "ascii");
let apiSecret = Buffer.from(surveyMonkeyApiSecret, "ascii");
let hmac = crypto
.createHmac('sha1', apiClientId+'&'+apiSecret)
.update(Buffer.from(body))
.digest()
.toString('base64');
We have verified this code with (it is with python): https://github.com/SurveyMonkey/public_api_docs/blob/main/includes/_webhooks.md我们已经使用(使用 python)验证了这段代码: https://github.com/SurveyMonkey/public_api_docs/blob/main/includes/_webhooks.md
But for some reason this doesn't work as expected.但由于某种原因,这并没有按预期工作。 Because the hmac we generated is not the same as the hmac generated by SurveyMonkey (sm-signature).
因为我们生成的hmac和SurveyMonkey(sm-signature)生成的hmac不一样。
Could someone help us?有人可以帮助我们吗? Thanks!
谢谢!
The problem is the signature, that comes with spaces between the json fields and when you do JSON.stringify this removes the spaces.问题是签名,它在 json 字段之间带有空格,当您执行 JSON.stringify 时,这会删除空格。
One possible solution is:一种可能的解决方案是:
let payloadString = JSON.stringify(req.body);
payloadString = payloadString.replace(/":/g, '": ');
payloadString = payloadString.replace(/,/g, ', ');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.