How can I verify it?
Can someone help me?
const functions = require('@google-cloud/functions-framework');
const crypto = require('crypto')
functions.http('main', async (request, response) => {
const token = 'xxxxxxxx'; //MY SIGUNATURE KEY
const requestSignature = request.headers['x-square-hmacsha256-signature']
const requestBody = request.body
const base64Token = Buffer.from(token, 'base64')
const hmac = crypto.createHmac('sha256', base64Token);
const expectedSignature = hmac.update(JSON.stringify(requestBody), 'utf8').digest('base64');
console.log(requestSignature + ':' + expectedSignature)
if (requestSignature !== expectedSignature) {
response.status(403).send('Invalid signature')
} else {
response.status(200).send('OK')
}
});
Was self resolved.
const functions = require('@google-cloud/functions-framework');
const crypto = require('crypto')
functions.http('main', async (request, response) => {
const token = 'xxxxxxxx'
const signature = request.get('x-square-hmacsha256-signature')
const hash = crypto.createHmac('sha256', token).update('https://asia-northeast1-xxxxxxxxxx.cloudfunctions.net/webhook' + JSON.stringify(request.body)).digest('base64')
if (signature !== hash) {
response.status(403).send('Invalid signature')
} else {
response.status(200).send('OK')
}
});
