我在 Uber Sandbox 中使用 NodeJS 和 WebHook 测试时遇到一些问题。我能够收到正确的 POST 响应,但安全检查 (X-Uber-Signature) 总是错误..
module.exports = {
myWebService: function(req, res) {
const hmac = crypto.createHmac('sha256','<MYSECRET>');
var hash = hmac.update(JSON.stringify(req.body)).digest('hex');
//Those values are always different..
console.log("Constructed hash : " + hash +"\n");
console.log("Received hash : " + req.header('X-Uber-Signature') + "\n");
JSON.stringify(req.body) 内容:
{"event_id":"08db06df-559a-457a-ba92-3c8380bb7ec7","resource_href":"https://sandbox-api.uber.com/v1/requests/8f5cc257-cfdf-4654-9acd-085aae740107","meta":{"status":"arriving","rider_id":"8IMl8ulC-yJTqkbsq5g4HuyuYeRQ5b5aSsmLt2vpjl6H8Fk_JPz_5AZYj4ERi6M7MagmrJtPM7L_rAnHLgO0qLgGtpD8Lg32rnGTEUkWHAbPjDZIl0-X91PrrujPY_IYGA==","user_id":"ecb2e871-b768-4f76-bfa9-8bc253bced0e","resource_id":"8f5cc257-cfdf-4654-9acd-085aae740107"},"event_type":"all_trips.status_changed","event_time":1508163555}
我对此字符串尝试了很多(很多)转换,但没有任何效果,如果有人有想法,我们将不胜感激。谢谢
最佳答案
请查看优步 documentation为了解决您的问题:
Due to a strict interpretation of the JSON specification by JavaScript, if there are backslashes sent in the POST body, they will be removed upon parsing. This prevents webhook receivers implemented in NodeJS from verifying the webhook signature accurately. We are working on removing all backslashes from the payload in order to avoid this situation and will remove this note when that work is done.
另外,请检查此 link .
关于node.js - NodeJs (hmac) 的 Uber webhook 签名问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46772782/