
在 Node/Express 中驗證 pubsubhubbub 內容簽名

[英]Verify pubsubhubbub content signature in Node/Express

我是 Express 的新手,正在實作一個中間件來處理 X-Hub-Signature,其規範見: https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html#authednotify

在將請求傳遞給標準的 express.json() 中間件實際解碼正文之前,我想先加入一個負責驗證簽名的中間件。

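/**
 * Express middleware that checks the X-Hub-Signature header of a
 * PubSubHubbub notification against an HMAC-SHA1 of the request body,
 * keyed with the app's 'client_secret' setting.
 *
 * Calls next() only when the signature matches; otherwise replies "ERROR"
 * and ends the chain.
 *
 * @param {object} req - incoming request; only req.headers is read here.
 * @param {object} res - response; res.send() is called on a mismatch.
 * @param {Function} next - invoked when the signature is valid.
 */
var sigVerifier = function(req, res, next) {

    const buf = '';
    // Need to accumulate all the bytes... <--- HOW TO DO THIS?
    // The digest has to cover the body bytes exactly as they arrived, before
    // any JSON decoding. Until buf is filled in, only a signature computed
    // over an empty body can match.

    // then calculate HMAC-SHA1 on the content.
    const hmac = crypto.createHmac('sha1', app.get('client_secret'));
    hmac.update(buf);

    // Node lower-cases incoming header names, so the mixed-case key is never present.
    const providedSignature = req.headers['x-hub-signature'];
    // Pass the encoding as a plain argument; `encoding='hex'` assigns to an
    // undeclared variable and throws in strict mode / ES modules.
    const calculatedSignature = `sha1=${hmac.digest('hex')}`;

    // Compare in constant time so response timing does not reveal how many
    // leading characters of a guessed signature were right.
    const expected = Buffer.from(calculatedSignature, 'utf8');
    const provided = Buffer.from(
        typeof providedSignature === 'string' ? providedSignature : '',
        'utf8'
    );
    // timingSafeEqual throws on unequal lengths, so check the length first.
    const matches =
        provided.length === expected.length &&
        crypto.timingSafeEqual(provided, expected);

    if (!matches) {
        // Log only what the caller sent. Writing the expected MAC to the log
        // would hand a valid signature for this body to anyone who can read it.
        console.log(providedSignature);
        // The status is left at the default 2xx: the PubSubHubbub 0.4 spec
        // linked in the question asks subscribers to acknowledge the delivery
        // and discard the message locally when the signature is wrong.
        res.send("ERROR");
        return;
    }
    next();
};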

// Registration order matters: the signature check is mounted ahead of the
// JSON body parser so that it sees each request before the body is decoded.
app.use(sigVerifier);
app.use(express.json());

Express 的 json 解析使用的是 connect 的中間件。您可以將選項對象傳遞給 json 正文解析器,以在繼續解析之前驗證內容。解析器會把尚未解析的原始正文作為 buf 傳給 verify 函數,因此 HMAC 是針對實際收到的位元組計算的;在 verify 中拋出異常會中止解析。

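/**
 * `verify` hook for the JSON body parser: checks the X-Hub-Signature header
 * against an HMAC-SHA1 of the raw request body, keyed with the app's
 * 'client_secret' setting.
 *
 * @param {object} req - incoming request; only req.headers is read.
 * @param {object} res - response object (unused here).
 * @param {Buffer|string} buf - request body as handed over by the parser.
 * @throws {Error} with `status` 400 and `body` "Wrong signature" when the
 *   header is missing or does not match.
 */
function verifyHmac(req, res, buf) {
  // then calculate HMAC-SHA1 on the content.
  const hmac = crypto.createHmac('sha1', app.get('client_secret'));
  hmac.update(buf);

  // Node lower-cases incoming header names, so the mixed-case key is never present.
  const providedSignature = req.headers['x-hub-signature'];
  // Pass the encoding as a plain argument; `encoding='hex'` assigns to an
  // undeclared variable and throws in strict mode / ES modules.
  const calculatedSignature = `sha1=${hmac.digest('hex')}`;

  // Constant-time comparison; timingSafeEqual throws on unequal lengths,
  // so the length is checked first.
  const expected = Buffer.from(calculatedSignature, 'utf8');
  const provided = Buffer.from(
    typeof providedSignature === 'string' ? providedSignature : '',
    'utf8'
  );
  const matches =
    provided.length === expected.length &&
    crypto.timingSafeEqual(provided, expected);

  if (!matches) {
    // Log only what the caller sent. Writing the expected MAC to the log
    // would hand a valid signature for this body to anyone who can read it.
    console.log(
      "Wrong signature - providedSignature: %s",
      providedSignature);
    // NOTE(review): the PubSubHubbub 0.4 spec asks subscribers to answer 2xx
    // even for a bad signature and drop the message locally; the 400 is kept
    // from the original. Confirm which behaviour the hub expects.
    const error = new Error("Wrong signature");
    error.status = 400;
    error.body = "Wrong signature";
    throw error;
  }
}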

// Hand verifyHmac to the JSON body parser as its `verify` option, so the
// signature is checked on the body buffer before the parser decodes it.
app.use(express.json({verify: verifyHmac}));
