如何验证JS

签名 验证签名

这里的有效载荷是指

json主体，而不是BodyParser解析的东西。我将分享Express的代码。
1. 获取有效载荷
2. //Set up your server like this var express = require('express') var bodyParser = require('body-parser'); var crypto = require('crypto'); var app = express() //This part is to get the rawBody app.use( express.json({ limit: '5mb', verify: (req, res, buf) => { req.rawBody = buf.toString(); }, }) ); app.use(bodyParser.json()); //This is your endpoint app.post('/webhook', function(req, res) { console.log(req.rawBody); const ts = req.headers["x-webhook-timestamp"] const signature = req.headers["x-webhook-signature"] console.log("ts --> ", ts); console.log("expected sign --> ", signature); const genSignature = verify(ts, req.rawBody) if(signature === genSignature){ res.send('OK') } else { res.send("failed") } })
verifying签名
function verify(ts, rawBody){ const body = ts + rawBody const secretKey = "<your secret key>"; let genSignature = crypto.createHmac('sha256',secretKey).update(body).digest("base64"); return genSignature }