From 3d4c513be972375c4768d9ee61fa383715667bd6 Mon Sep 17 00:00:00 2001
From: Krzysztof Wolski
Date: Thu, 4 Aug 2022 12:27:45 +0200
Subject: [PATCH 1/2] Handle missing webhook signature header
---
 src/middleware.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/middleware.ts b/src/middleware.ts
index d454028..4ca2ed7 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -72,6 +72,13 @@ export const withWebhookSignatureVerified =
 const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers);
+ if (!payloadSignature) {
+ return Response.BadRequest({
+ success: false,
+ message: "Missing payload signature.",
+ });
+ }
+
 if (secretKey !== undefined) {
 const calculatedSignature = crypto
 .createHmac("sha256", secretKey)
From 9a76281d22396d4343600cbf900a297cd173fff2 Mon Sep 17 00:00:00 2001
From: Krzysztof Wolski
Date: Mon, 8 Aug 2022 11:01:02 +0200
Subject: [PATCH 2/2] Unify error message for the middleware
---
 src/middleware.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/middleware.ts b/src/middleware.ts
index 4ca2ed7..5eb6c39 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -3,7 +3,7 @@ import * as jose from "jose";
 import type { Middleware, Request } from "retes";
 import { Response } from "retes/response";
-import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "./const";
+import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_SIGNATURE_HEADER } from "./const";
 import { getSaleorHeaders } from "./headers";
 import { jwksUrl } from "./urls";
@@ -75,7 +75,7 @@ export const withWebhookSignatureVerified =
 if (!payloadSignature) {
 return Response.BadRequest({
 success: false,
- message: "Missing payload signature.",
+ message: `${ERROR_MESSAGE} Missing ${SALEOR_SIGNATURE_HEADER} header.`,
 });
 }
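Review bot: In the first patch's hunk (`@@ -72,6 +72,13 @@`), the new `if (!payloadSignature)` guard rejects only a missing or empty signature header, while `saleorDomain`, destructured in the same statement just above it, gets no equivalent check. If the branch taken when `secretKey` is undefined uses the domain to locate verification keys (the file imports `jwksUrl`, so this seems likely), an absent domain should be rejected with the same 400 before any verification runs, e.g. `if (!saleorDomain || !payloadSignature) {`, unless an earlier middleware already guarantees it. The comparison of `calculatedSignature` with the header value lies outside the hunk; if it is a plain `!==`, `crypto.timingSafeEqual` on equal-length buffers is the safer form for an HMAC check. The enclosing function starts and ends outside the hunk, so both points need confirming against the full file.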