Merge pull request #17 from saleor/13-handle-missing-payload-signature
Handle missing webhook signature header
This commit is contained in:
Krzysztof Wolski
GitHub
commit
8a1b0e7fa2
1 changed files with 8 additions and 1 deletions
|
|
@ -3,7 +3,7 @@ import * as jose from "jose";
|
|||
import type { Middleware, Request } from "retes";
|
||||
import { Response } from "retes/response";
|
||||
|
||||
import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "./const";
|
||||
import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_SIGNATURE_HEADER } from "./const";
|
||||
import { getSaleorHeaders } from "./headers";
|
||||
import { jwksUrl } from "./urls";
|
||||
|
||||
|
|
@ -72,6 +72,13 @@ export const withWebhookSignatureVerified =
|
|||
|
||||
const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers);
|
||||
|
||||
if (!payloadSignature) {
|
||||
return Response.BadRequest({
|
||||
success: false,
|
||||
message: `${ERROR_MESSAGE} Missing ${SALEOR_SIGNATURE_HEADER} header.`,
|
||||
});
|
||||
}
|
||||
|
||||
if (secretKey !== undefined) {
|
||||
const calculatedSignature = crypto
|
||||
.createHmac("sha256", secretKey)
|
||||
|
|
|
|||
Loading…
Reference in a new issue