Created by Anil on 5/7/2024 in #workers-help
Help with Cloudflare Web Crypto for verifying webhook signature.
I want to verify the webhook sender. Since I am using a Worker, I have to use Web Crypto for the hash matching. This is my code:
// Webhook handler body as posted: recomputes an HMAC-SHA-256 over the request
// payload and compares it, as a hex string, with the x-signature header.
try {
const eventType = req.headers.get("X-Event-Name");
// NOTE(review): req.json() consumes the request body and keeps only the
// parsed object; the bytes that were actually received are gone after this.
const body = await req.json();

// NOTE(review): the `as string` cast hides the case where the variable is
// undefined. Whether process.env is populated inside a Worker depends on the
// runtime configuration; secrets usually arrive via the handler's env
// bindings. Confirm which applies here.
const secret = process.env.WEBHOOK_SECRET as string;

const encoder = new TextEncoder();
// NOTE(review): this is a re-serialisation of the parsed object, not the
// payload as it was sent. JSON.stringify is not guaranteed to reproduce the
// sender's whitespace, escaping or number formatting, so the digest below can
// differ even for an authentic request. This is the likely cause of the
// "Invalid signature." error, assuming the sender signs the raw request body.
// Hash the text from req.text() instead and parse it afterwards.
const bodyArrayBuffer = encoder.encode(JSON.stringify(body));

// Import the shared secret as a non-extractable HMAC-SHA-256 key that may
// only be used for signing.
const hmacKey = await crypto.subtle.importKey(
"raw",
encoder.encode(secret),
{ name: "HMAC", hash: "SHA-256" },
false,
["sign"]
);

// Compute the MAC the handler expects for this payload.
const hmacDigest = await crypto.subtle.sign(
"HMAC",
hmacKey,
bodyArrayBuffer
);

// Lower-case hex encoding of the digest, two characters per byte.
const hexString = Array.from(new Uint8Array(hmacDigest))
.map((byte) => byte.toString(16).padStart(2, "0"))
.join("");

// const signature = Buffer.from(req.headers.get("X-Signature") || "", "utf8");
// A missing header becomes "", which can never equal the 64-character digest.
const signature = req.headers.get("x-signature") || "";

// NOTE(review): hexString is the valid signature for this payload under the
// secret; writing it to the log discloses it to anyone with log access.
// Remove both lines once debugging is finished.
console.log("LemonSqueezy Signature", signature);
console.log("Hex String", hexString);

// NOTE(review): !== is not a constant-time comparison. Importing the key with
// the "verify" usage and calling crypto.subtle.verify() avoids comparing MACs
// by hand. The thrown error is caught below, so a forged request receives a
// 500 "Server error" rather than a 401/403.
if (hexString !== signature) {
throw new Error("Invalid signature.");
}

// NOTE(review): logs the whole payload, including the user_email and
// user_name attributes read below.
console.log(body);

if (eventType === "order_created") {
// These values are read but not used yet in the posted code.
const userEmail: string = body.data.attributes.user_email;
const userName: string = body.data.attributes.user_name;
const isSuccessful = body.data.attributes.status === "paid";
}

return new Response(JSON.stringify({ message: "Webhook received" }), {
headers: { "Content-Type": "application/json" },
});
} catch (err) {
// Every failure, including a signature mismatch, ends up here.
console.error(err);
return new Response(JSON.stringify({ message: "Server error" }), {
status: 500,
headers: { "Content-Type": "application/json" },
});
}
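// Corrected handler body. The HMAC-SHA-256 is verified over the request text
// exactly as received, and the JSON is parsed only after the signature has
// been accepted. Signing JSON.stringify(await req.json()) instead hashes a
// re-serialised copy whose bytes need not match what the sender signed, which
// produces "Invalid signature." even for authentic requests.
try {
  const eventType = req.headers.get("X-Event-Name");

  // Read the body once, as text, so the verified bytes are the received bytes.
  const rawBody = await req.text();

  // NOTE(review): whether process.env is populated inside a Worker depends on
  // the runtime configuration; secrets usually arrive via the handler's env
  // bindings. Confirm which applies here.
  const secret = process.env.WEBHOOK_SECRET;
  if (!secret) {
    // Fail closed with a clear log entry instead of deriving a key from "".
    throw new Error("WEBHOOK_SECRET is not configured.");
  }

  const encoder = new TextEncoder();

  // Non-extractable key restricted to verification, the only operation used.
  const hmacKey = await crypto.subtle.importKey(
    "raw",
    encoder.encode(secret),
    { name: "HMAC", hash: "SHA-256" },
    false,
    ["verify"]
  );

  // The header carries the MAC as hex; an HMAC-SHA-256 value is 32 bytes,
  // i.e. exactly 64 hex characters. Anything else is rejected before decoding.
  const signatureHex = req.headers.get("x-signature") || "";
  const signatureBytes = /^[0-9a-f]{64}$/i.test(signatureHex)
    ? Uint8Array.from(signatureHex.match(/../g) ?? [], (pair) =>
        parseInt(pair, 16)
      )
    : null;

  // crypto.subtle.verify() recomputes the MAC and compares it internally, so
  // the expected value is never materialised, logged or compared with !==.
  const isValid =
    signatureBytes !== null &&
    (await crypto.subtle.verify(
      "HMAC",
      hmacKey,
      signatureBytes,
      encoder.encode(rawBody)
    ));

  if (!isValid) {
    // An authentication failure is the caller's error, not a server error.
    return new Response(JSON.stringify({ message: "Invalid signature." }), {
      status: 401,
      headers: { "Content-Type": "application/json" },
    });
  }

  // Safe to parse now: the payload is authenticated. The payload is not
  // logged because it contains the customer's e-mail address and name.
  const body = JSON.parse(rawBody);

  if (eventType === "order_created") {
    // Placeholders from the posted code; the order handling goes here.
    const userEmail: string = body.data.attributes.user_email;
    const userName: string = body.data.attributes.user_name;
    const isSuccessful = body.data.attributes.status === "paid";
  }

  return new Response(JSON.stringify({ message: "Webhook received" }), {
    headers: { "Content-Type": "application/json" },
  });
} catch (err) {
  // Unexpected failures only (missing secret, malformed JSON, runtime errors).
  console.error(err);
  return new Response(JSON.stringify({ message: "Server error" }), {
    status: 500,
    headers: { "Content-Type": "application/json" },
  });
}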
I am getting this error in the console log: [Error: Invalid signature.] Can anyone help me?