Question

我无法使用bodyparser验证我的秘密密钥，也无法理解其发生的原因，我该如何使用bodyparser解决此问题？

verify: function (req, res, buf, encoding) {
    console.log('In verify method ........................');
    if (req.headers['x-oracle-cc-webhook-signature'] !== undefined) {
        //Read secret key from config 
        if (config.has('keys.' + req.url)) {

            var secret_key = config.get('keys.' + req.url);
            logger.info('config.keys' + req.url + ':', secret_key);

            // Secret key is base64 encoded and must be decoded into bytes; BUG 24619421::Documentation for HMAC SHA1 key from the raw key bytes 
            var decoded_secret_key = Buffer.from(secret_key, 'base64');

            var calculated_signature = crypto.createHmac('sha1', decoded_secret_key)
                .update(buf, encoding)
                .digest('base64');

            logger.debug("x-oracle-cc-webhook-signature: ", req.headers['x-oracle-cc-webhook-signature'], "calculated_signature: ", calculated_signature);

            if (calculated_signature != req.headers['x-oracle-cc-webhook-signature']) {
                logger.error('Invalid signature. Access denied');
                throw new Error('Invalid signature. Access denied');
            }
        }
    } else {
        logger.warn('No secret key provided for request: ' + req.url);
        //throw new Error('Signature not included. Access denied');
    }
}

无法验证bodyparser，没有调用body解析器功能

0 个答案: