我正在使用Starling Bank网络挂钩来调用我的API。他们声明如下:
使用以下命令将签名放置在请求的标头中 X-Hook-Signature,由SHA-512的Base-64编码组成 秘密+ JSON有效内容的摘要。
我最终得到的代码如下。尝试了不同的方式后,我似乎无法获得与标头中相同的SHA-512的Base-64。我是否正确理解/使用crypto和bodyParser库?
div {
margin: 3px;
display: inline-block;
}
.sprite {
background-image: url('https://i.stack.imgur.com/mv9lJ.png');
}
.s1 {
background-size: 1422.2222% 1500%;
background-position: 5.210084033619603% 6.026785714285714%;
}
.s2 {
background-size: 609.5238095238095% 738.4615384615385%;
background-position: 93.45794392523367% 89.1566265060241%;
}我的应用程序具有以下代码
<div class="sprite s1" style="width: 45px; height:20px"></div>
<div class="sprite s1" style="width: 128px; height:30px"></div>
<div class="sprite s1" style="width: 64px; height:56px"></div>
<div class="sprite s1" style="width: 57px; height:60px"></div>
<div class="sprite s1" style="width: 45px; height:45px"></div>
<div class="sprite s1" style="width: 12px; height:50px"></div>
<div class="sprite s1" style="width: 50px; height:40px"></div>
<hr/>
<div class="sprite s2" style="width: 45px; height:20px"></div>
<div class="sprite s2" style="width: 128px; height:30px"></div>
<div class="sprite s2" style="width: 64px; height:56px"></div>
<div class="sprite s2" style="width: 57px; height:60px"></div>
<div class="sprite s2" style="width: 45px; height:45px"></div>
<div class="sprite s2" style="width: 12px; height:50px"></div>
<div class="sprite s2" style="width: 50px; height:40px"></div>答案 0 :(得分:0)
问题在于express和bodyParser弄乱了rawBody。
这应该有效:
const express = require("express");
const crypto = require('crypto');
const app = express();
const bodyParser = require('body-parser');
app.use(bodyParser.json({
verify: (req, res, buf) => {
req.rawBody = buf
}
}));
app.post('/starling',async (request,response)=>{
const secret = 'abcd-efgh-12f3-asd34-casd-whatever';
let hash = crypto.createHash('sha512');
hash.update(secret+request.rawBody);
const sigCheck = hash.digest('base64');
const valid = sigCheck==request.headers['x-hook-signature'];
});