Mandrill webhook 身份验证-验证签名
对于节点js
验证签名示例
请检查以下代码
但它仅适用于发送、拒绝等事件类型。不适用于打开、单击等事件类型
function generateSignature(webhook_key, url, params) {
var signed_data = url;
const param_keys = Object.keys(params);
param_keys.sort();
param_keys.forEach(function (key) {
signed_data += key + params[key];
});
hmac = crypto.createHmac('sha1', webhook_key);
hmac.update(signed_data);
return hmac.digest('base64');
}
let url = "https://your-app-domain.com/default/MandrillXP-new";
let key = "abcd1234"; //your mandrill webhook api key
let bodyPayload;
if(event.isBase64Encoded){
bodyPayload = Buffer.from(event.body, 'base64').toString()
}else{
bodyPayload = event.body
}
let splitData = req.body.split("=")
let decodeData = decodeURIComponent(splitData[1]);
var generatedSignature = generateSignature(key, url, { "mandrill_events": decodeData })
if (req.headers["x-mandrill-signature"]!== generatedSignature) {
console.log("signature mismatch")
}else{
console.log("signature matched")
}
编码前将字符串中的“+”替换为“”(空格)
var 解码数据 = 解码数据.replace(/[+]/g, ' ');
我理解了这个问题并通过阅读以下链接解决了它: https://www.luizkowalski.net/validating-mandrill-webhook-signatures-on-rails/