Help with Cloudflare Web Crypto for verifying webhook signature.

I want to verify the webhook sender. Since I am using Worker, then I have to use web crypto for the hash matching. This is my code:
try {
const eventType = req.headers.get("X-Event-Name");
const body = await req.json();

const secret = process.env.WEBHOOK_SECRET as string;

const encoder = new TextEncoder();
const bodyArrayBuffer = encoder.encode(JSON.stringify(body));

const hmacKey = await crypto.subtle.importKey(
"raw",
encoder.encode(secret),
{ name: "HMAC", hash: "SHA-256" },
false,
["sign"]
);

const hmacDigest = await crypto.subtle.sign(
"HMAC",
hmacKey,
bodyArrayBuffer
);

const hexString = Array.from(new Uint8Array(hmacDigest))
.map((byte) => byte.toString(16).padStart(2, "0"))
.join("");

// const signature = Buffer.from(req.headers.get("X-Signature") || "", "utf8");
const signature = req.headers.get("x-signature") || "";

console.log("LemonSqueezy Signature", signature);
console.log("Hex String", hexString);

if (hexString !== signature) {
throw new Error("Invalid signature.");
}

console.log(body);

if (eventType === "order_created") {
const userEmail: string = body.data.attributes.user_email;
const userName: string = body.data.attributes.user_name;
const isSuccessful = body.data.attributes.status === "paid";
}

return new Response(JSON.stringify({ message: "Webhook received" }), {
headers: { "Content-Type": "application/json" },
});
} catch (err) {
console.error(err);
return new Response(JSON.stringify({ message: "Server error" }), {
status: 500,
headers: { "Content-Type": "application/json" },
});
}
try {
const eventType = req.headers.get("X-Event-Name");
const body = await req.json();

const secret = process.env.WEBHOOK_SECRET as string;

const encoder = new TextEncoder();
const bodyArrayBuffer = encoder.encode(JSON.stringify(body));

const hmacKey = await crypto.subtle.importKey(
"raw",
encoder.encode(secret),
{ name: "HMAC", hash: "SHA-256" },
false,
["sign"]
);

const hmacDigest = await crypto.subtle.sign(
"HMAC",
hmacKey,
bodyArrayBuffer
);

const hexString = Array.from(new Uint8Array(hmacDigest))
.map((byte) => byte.toString(16).padStart(2, "0"))
.join("");

// const signature = Buffer.from(req.headers.get("X-Signature") || "", "utf8");
const signature = req.headers.get("x-signature") || "";

console.log("LemonSqueezy Signature", signature);
console.log("Hex String", hexString);

if (hexString !== signature) {
throw new Error("Invalid signature.");
}

console.log(body);

if (eventType === "order_created") {
const userEmail: string = body.data.attributes.user_email;
const userName: string = body.data.attributes.user_name;
const isSuccessful = body.data.attributes.status === "paid";
}

return new Response(JSON.stringify({ message: "Webhook received" }), {
headers: { "Content-Type": "application/json" },
});
} catch (err) {
console.error(err);
return new Response(JSON.stringify({ message: "Server error" }), {
status: 500,
headers: { "Content-Type": "application/json" },
});
}
I am getting this error [Error: Invalid signature.] in the console log. Anyone can help me?
0 Replies
No replies yetBe the first to reply to this messageJoin
Want results from more Discord servers?
Add your server