djkato/saleor-app-sdk-REDIS_APL
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #17 from saleor/13-handle-missing-payload-signature

Browse source 
Handle missing webhook signature header
This commit is contained in:
Krzysztof Wolski 2022-08-08 11:02:19 +02:00 committed by GitHub
commit 8a1b0e7fa2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/middleware.ts
View file

@ -3,7 +3,7 @@ import * as jose from "jose";
import type { Middleware, Request } from "retes"; import type { Middleware, Request } from "retes";
import { Response } from "retes/response"; import { Response } from "retes/response";
import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "./const"; import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_SIGNATURE_HEADER } from "./const";
import { getSaleorHeaders } from "./headers"; import { getSaleorHeaders } from "./headers";
import { jwksUrl } from "./urls"; import { jwksUrl } from "./urls";
@ -72,6 +72,13 @@ export const withWebhookSignatureVerified =
const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers); const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers);
if (!payloadSignature) {
return Response.BadRequest({
success: false,
message: `${ERROR_MESSAGE} Missing ${SALEOR_SIGNATURE_HEADER} header.`,
});
}
if (secretKey !== undefined) { if (secretKey !== undefined) {
const calculatedSignature = crypto const calculatedSignature = crypto
.createHmac("sha256", secretKey) .createHmac("sha256", secretKey)