问题描述
我有一个调用 Firebase 函数的条纹网络钩子.在这个函数中,我需要验证这个请求来自 Stripe 服务器.这是代码:
I have a stripe webhook that call a Firebase function. In this function I need to verify that this request comes from Stripe servers. Here is the code :
const functions = require('firebase-functions');
const bodyParser = require('body-parser');
const stripe = require("stripe")("sk_test_****");
const endpointSecret = 'whsec_****';
const app = require('express')();
app.use(bodyParser.json({
verify: function (req, res, buf) {
var url = req.originalUrl;
if (url.startsWith('/webhook')) {
req.rawBody = buf.toString()
}
}
}));
app.post('/webhook/example', (req, res) => {
let sig = req.headers["stripe-signature"];
try {
console.log(req.bodyRaw)
let event = stripe.webhooks.constructEvent(req.body, sig, endpointSecret);
console.log(event);
res.status(200).end()
// Do something with event
}
catch (err) {
console.log(err);
res.status(400).end()
}
});
exports.app = functions.https.onRequest(app);
如 Stripe 文档 所述,我必须使用原始正文来执行此安全检查.
As mentioned in Stripe Documentation, I have to use raw body to perform this security check.
我已经尝试过使用我当前的代码和:
I have tried with my current code and with :
app.use(require('body-parser').raw({type: '*/*'}));
但我总是收到这个错误:
But I always get this error :
Error: No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing
推荐答案
Cloud Functions 自动 解析已知类型的正文内容.如果您正在获取 JSON,那么它已经在 req.body
中解析并可供您使用.您应该不需要添加其他正文解析中间件.
Cloud Functions automatically parses body content of known types. If you're getting JSON, then it's already parsed and available to you in req.body
. You shouldn't need to add other body parsing middleware.
如果您需要处理原始数据,您应该使用 req.rawBody
,但我认为您不需要在这里这样做.
If you need to process the raw data, you should use req.rawBody
, but I don't think you'll need to do that here.
这篇关于条带错误:未找到与有效负载的预期签名匹配的签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!