djkato/saleor-app-sdk-REDIS_APL
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Handle missing webhook signature header

Browse source
This commit is contained in:
Krzysztof Wolski 2022-08-04 12:27:45 +02:00
parent 95cbf1c9eb
commit 3d4c513be9
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/middleware.ts
View file

@ -72,6 +72,13 @@ export const withWebhookSignatureVerified =
const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers); const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers);
if (!payloadSignature) {
return Response.BadRequest({
success: false,
message: "Missing payload signature.",
});
}
if (secretKey !== undefined) { if (secretKey !== undefined) {
const calculatedSignature = crypto const calculatedSignature = crypto
.createHmac("sha256", secretKey) .createHmac("sha256", secretKey)