因此在 LemonSqueezy API 中,一旦支付成功,webhooks 就会发送一个有效负载。但我遇到的问题是签名无法得到验证。这是我使用的参考。 https://docs.lemonsqueezy.com/help/webhooks#signing-requests
这是我在打字稿中的帖子请求
import express, { Request, Response } from 'express';
import * as crypto from 'crypto';
import bodyParser from 'body-parser';
const webhook = express.Router();
let secret = "secretkey"
webhook.use(bodyParser.json())
webhook.post('/webhooks', async (req: Request, res: Response) => {
try {
if (!req.body) {
throw new Error('Missing request body');
}
// Create HMAC signature
const hmac = crypto.createHmac('sha256', secret);
const digest = Buffer.from(hmac.update(JSON.stringify(req.body)).digest('hex'), 'utf8');
// Retrieve and validate X-Signature header
const signature = Buffer.from(req.get('X-Signature') || '', 'utf8');
if (!crypto.timingSafeEqual(digest, signature)) {
throw new Error('Invalid signature');
}
const payload = req.body;
console.log('Received valid webhook:', payload);
return res.status(200).send({'Webhook received': payload});
} catch (err) {
console.error(err);
return res.status(400).send(err);
}
});
export default webhook
为此花费了太多时间。但问题是请求是由于它是字符串而不是原始主体。
解决方案,下载 npm i raw-body。
interface Request extends ExpressRequest {
rawBody?: string;
}
const webhook = express.Router();
let secret = ""
webhook.use((req: Request, _res: Response, next: NextFunction) => {
rawBody(req, {
length: req.headers['content-length'],
limit: '1mb', // Set your desired limit here
encoding: 'utf8' // or any encoding you prefer
}, (err, string) => {
if (err) return next(err);
(req as any).rawBody = string; // Define rawBody property on Request type
next();
});
});
webhook.post('/webhooks', async (req: Request, res: Response) => {
try {
if (!req.rawBody) {
throw new Error('Missing request body');
}
// Create HMAC signature
const hmac = crypto.createHmac('sha256', secret);
const digest = Buffer.from(hmac.update(req.rawBody).digest('hex'), 'utf8');
const signature = Buffer.from(req.get('X-Signature') || '', 'utf8');
if (!crypto.timingSafeEqual(digest, signature)) {
throw new Error('Invalid signature.');
}
const data = JSON.parse(req.rawBody)
console.log(data)
return res.status(200).send('Webhook received');
} catch (err) {
console.error(err);
return res.status(400).send(err);
}
});