我正在尝试验证来自shopify的webhook请求。为此,我提到了:verify shopify webhook 。我创建了一个shopify应用程序,因为我自动注册(创建)web钩子到关联商店,所以使用app secret来验证相同。
代码是:
import { Picker } from 'meteor/meteorhacks:picker';
var bodyParser = require( 'body-parser' ),
crypto = require('crypto');
Picker.middleware( bodyParser.json() );
Picker.middleware( bodyParser.urlencoded( { extended: true } ) );
var post = Picker.filter(function(req, res) {
// Bypass, if the url doesn't start with webhook
if (req.url.search('webhook') < 0) {
return true;
}
let isValid = isValidWebhook(req);
console.log( (isValid ? 'Verified' : 'Unverified') + ' webhook');
return (isValid && req.method == "POST");
});
isValidWebhook = function (req) {
const data = JSON.stringify(req.body);
const header = req.headers;
const hmac = header['x-shopify-hmac-sha256'];
const appSecret = Meteor.settings.shopify.secret;
const calHmac = crypto.createHmac("sha256", appSecret).update(data).digest("base64");
return (hmac == calHmac);
}
Picker正在捕获服务器端路由。 到目前为止,我无法验证它,所以任何帮助都将受到高度赞赏。