Merge pull request #7 from saleor/fix-jws-validation

Fix Webhook signature validation when JWS is malformed
Tomasz Magulski 2022-07-14 14:24:49 +02:00 committed by GitHub
commit d5851ef6e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -95,12 +95,12 @@ export const withWebhookSignatureVerified = (
signature,
};
const jwksKey = await jose.createRemoteJWKSet(
const jwks = jose.createRemoteJWKSet(
new URL(jwksUrl(saleorDomain))
)(jose.decodeProtectedHeader(payloadSignature), jws);
) as jose.FlattenedVerifyGetKey;
try {
await jose.flattenedVerify(jws, jwksKey);
await jose.flattenedVerify(jws, jwks);
} catch {
return Response.BadRequest({
success: false,