Pusher签名无效:预期的HMAC SHA256十六进制摘要

时间:2014-11-26 06:55:52

标签: java javascript pusher

我在一个HTML文件中有JavaScript代码,我从中调用服务器进行身份验证:

<html>
<script>
<head>
    var options = { authEndpoint: "api/pusher.json?socket_id=9900&channel_name=presence-channel" }
    var pusher = new Pusher('98384343434343434', options);
    pusher.connection.bind('connected', function() {
        console.log("connected");
        socketId = pusher.connection.socket_id;
        console.log("socketId" + socketId);
    });

    var channel = pusher.subscribe('presence-channel');
</script>
</head>
<body></body>
</html>

在服务器上代码如下:

import com.pusher.rest.Pusher;
import com.pusher.rest.data.PresenceUser;
import com.webapp.actions.BusinessApiAction;


@Path("/api/pusher")
public class PusherAction extends BusinessApiAction {
    @POST

    @Produces({ "application/Json", "application/xml" })
    public Response pusher(@Context ServletContext context, @Context HttpServletRequest req, @Context HttpServletResponse res, @FormParam("socket_id") String socketId, @FormParam("channel_name") String channelName) throws Exception {
        System.out.println("\n\n===channel==> " + channelName + "\t socket id-->" + socketId);

        Pusher pusher = new Pusher("92063", "3055e2b132174078348c", "52cfe6c7ecb8420ad981");
        String userId = "5433d5da97d88628ec000300";
        Map<String, String> userInfo = new HashMap<>();
        userInfo.put("name", "Phil Leggetter");

        String authBody = pusher.authenticate(socketId, channelName, new PresenceUser(userId, userInfo));
        JSONObject j = new JSONObject(authBody);
        System.out.println("\n\n===authBody==> " + j.getString("auth"));
        Map<String, Object> map = new HashMap<>();
        Map<String, Object> channelData = new HashMap<>();
        map.put("auth", j.getString("auth"));
        JSONObject ch = new JSONObject(j.getString("channel_data"));
        channelData.put("user_id", ch.getString("user_id"));
        channelData.put("user_info", userInfo);
        map.put("channel_data", ch.toString());

        return sendDataResponse(map);
        }

}

返回的响应为200,但Pusher发出此错误: 推进器记录器出错 -

Pusher : Event sent : {"event":"pusher:subscribe","data":{"auth":"3055e2b132174078348c:980bf9a6d3a61d280d181785ccacd0e5e7999776085403f2d9bfe688842b8fe7","channel_data":"{\"user_info\":{\"name\":\"Phil Leggetter\"},\"user_id\":\"5433d5da97d88628ec000300\"}","channel":"presence-user2"}}

Pusher : Event recd : {"event":"pusher:error","data":{"code":null,"message":"Invalid signature: Expected HMAC SHA256 hex digest of 41797.10543542:presence-user2:{\"user_info\":{\"name\":\"Phil Leggetter\"},\"user_id\":\"5433d5da97d88628ec000300\"}, but got 980bf9a6d3a61d280d181785ccacd0e5e7999776085403f2d9bfe688842b8fe7"}}

Pusher : Error : {"type":"WebSocketError","error":{"type":"PusherError","data":{"code":null,"message":"Invalid signature: Expected HMAC SHA256 hex digest of 41797.10543542:presence-user2:{\"user_info\":{\"name\":\"Phil Leggetter\"},\"user_id\":\"5433d5da97d88628ec000300\"}, but got 980bf9a6d3a61d280d181785ccacd0e5e7999776085403f2d9bfe688842b8fe7"}}}

1 个答案:

答案 0 :(得分:1)

authBody返回的pusher.authenticate应该为您提供响应客户端请求所需的一切。您只需要确保sendDataResponseauthBody作为响应正文发送回JSON。

我已更新您提供的示例,以删除不需要的行:

@Path("/api/pusher")
public class PusherAction extends BusinessApiAction {
    @POST

    @Produces({ "application/Json", "application/xml" })
    public Response pusher(@Context ServletContext context, @Context HttpServletRequest req, @Context HttpServletResponse res, @FormParam("socket_id") String socketId, @FormParam("channel_name") String channelName) throws Exception {
        System.out.println("\n\n===channel==> " + channelName + "\t socket id-->" + socketId);

        Pusher pusher = new Pusher(APP_ID, APP_KEY, APP_SECRET);
        String userId = "5433d5da97d88628ec000300";
        Map<String, String> userInfo = new HashMap<>();
        userInfo.put("name", "Phil Leggetter");

        String authBody = pusher.authenticate(socketId, channelName, new PresenceUser(userId, userInfo));

        return sendDataResponse(authBody);
    }

}

pusher-rest-java库README显示不需要存在的附加功能: https://github.com/pusher/pusher-rest-java#authenticating-presence-channels