Mandrill webhook 身份验证签名不匹配

问题描述 投票:0回答:2

Mandrill webhook 身份验证-验证签名

对于节点js

验证签名示例

请检查以下代码

但它仅适用于发送、拒绝等事件类型。不适用于打开、单击等事件类型

function generateSignature(webhook_key, url, params) {
  var signed_data = url;
  const param_keys = Object.keys(params);
  param_keys.sort();
  param_keys.forEach(function (key) {
      signed_data += key + params[key];
  }); 

  hmac = crypto.createHmac('sha1', webhook_key);
  hmac.update(signed_data);

  return hmac.digest('base64');
}

let url = "https://your-app-domain.com/default/MandrillXP-new";
let key = "abcd1234"; //your mandrill webhook api key

let bodyPayload;
if(event.isBase64Encoded){
  bodyPayload = Buffer.from(event.body, 'base64').toString()
}else{
  bodyPayload = event.body
} 
  let splitData = req.body.split("=")
  let decodeData = decodeURIComponent(splitData[1]);    

var generatedSignature = generateSignature(key, url, { "mandrill_events": decodeData })

if (req.headers["x-mandrill-signature"]!== generatedSignature) {
  console.log("signature mismatch")
}else{
  console.log("signature  matched")
}
node.js authentication mailchimp signature mandrill
2个回答
0
投票

编码前将字符串中的“+”替换为“”(空格)

var 解码数据 = 解码数据.replace(/[+]/g, ' ');


0
投票

我理解了这个问题并通过阅读以下链接解决了它: https://www.luizkowalski.net/validating-mandrill-webhook-signatures-on-rails/

© www.soinside.com 2019 - 2024. All rights reserved.