如何在node.js / express中验证Shopify webhook签名?

时间:2014-03-01 18:48:35

标签: node.js express shopify webhooks

Shopify提供examples in Ruby and PHP来完成此任务。在我的node / express应用程序中,我尝试:

var data = querystring.stringify(req.body);
var calculatedSha256 = crypto.createHmac("SHA256", APP_SECRET).update(new Buffer(data, 'utf8')).digest('base64');

以及

var data = req.body;
var calculatedSha256 = crypto.createHmac("SHA256", APP_SECRET).update(new Buffer(data, 'utf8')).digest('base64');

但它们都没有提供与Shopify作为签名发送的字符串相同的字符串。

2 个答案:

答案 0 :(得分:6)

有点老了,但我想发布我的解决方案:

var express      = require('express')
    , bodyParser = require('body-parser')
    , crypto     = require('crypto');

var app = express();

app.use(bodyParser.json({ verify: function(req, res, buf, encoding) {
  req.headers['x-generated-signature'] = crypto.createHmac('sha256', 'SHARED_SECRET')
   .update(buf)
   .digest('base64');
} }));

app.post('/webhook', function(req, res) {
  if (req.headers['x-generated-signature'] != req.headers['x-shopify-hmac-sha256']) {
    return res.status(401).send('Invalid Signature');
  }
});

答案 1 :(得分:3)