Node JS + FACEBOOK WEBHOOK

Hello, I have a problem confirming the SHA1 token generated by Facebook. I believe rawBody is wrong and is not passing the payload as it should. Could you take a look and see if you can find the problem?

Middleware to capture the rawBody without converting it to JSON:

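app.use(
  bodyParser.json({
    // verify() receives the request body as a Buffer before JSON parsing;
    // keep it so the HMAC is computed over the exact bytes that were sent
    verify(req, res, buf) {
      req.rawBody = buf;
    }
  })
);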

Code that converts rawbody with the "gatepass" key directly to sha1:

  app.post("/:user/gate", async (req, res, next) => {
    let hmac = crypto.createHmac("sha1", 'gatepass');
    hmac.update(req.rawBody);
    let computedSig = `sha1=${hmac.digest("hex")}`;
    console.log(computedSig);
    console.log(req.headers["x-hub-signature"]);
    //console.log(JSON.stringify(req.body));
    res.send(req.params.user);
  });

Replies received:

sha1=15e1beff7e06e64f49391f88a55a890f42a3951a SHA1 GENERATED BY MY SERVER

sha1=db43b8285f3f4a1295ed1d17c455c8784ccd02e8 SHA1 RECEIVED FROM FACEBOOK

Note: I’ve tried changing to req.body using toString, using JSON.stringify, encodeURI and so on... None of them match the result.

1 answer

I found the answer: I needed to turn the payload into bytes, and the key was also wrong. I was using the page token instead of the app secret...

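  app.post("/:user/gate", async (req, res, next) => {
    // 'APP_SECRET' stands for the app secret from the control panel (not the page token)
    let hmac = crypto.createHmac('sha1', 'APP_SECRET');
    console.log(req.rawBody);
    // req.rawBody is the Buffer saved by the bodyParser verify() hook
    hmac.update(req.rawBody, 'utf-8');
    let computedSig = `sha1=${hmac.digest("hex")}`;
    // The two values logged below should now be identical
    console.log(computedSig);
    console.log(req.headers["x-hub-signature"]);
    res.send(req.params.user);
  });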

The app secret is found in the control panel, as shown in the screenshot:

http://prntscr.com/pwexue
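
An added example, not part of the original question or answer: it checks an `x-hub-signature` value against the raw body bytes with a constant-time comparison, and shows that both the wrong key and a re-serialized body (the `JSON.stringify` attempt from the question) fail. The function names, secrets and payload are constructed for illustration.

```javascript
const crypto = require("crypto");

// Header value for these exact bytes: "sha1=" + hex(HMAC-SHA1(key, body)).
function signPayload(rawBody, appSecret) {
  return "sha1=" + crypto.createHmac("sha1", appSecret).update(rawBody).digest("hex");
}

// Verify the header against the raw request bytes in constant time.
function verifySignature(rawBody, headerValue, appSecret) {
  if (!Buffer.isBuffer(rawBody) || typeof headerValue !== "string") return false;
  const expected = Buffer.from(signPayload(rawBody, appSecret));
  const received = Buffer.from(headerValue);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Constructed sample data (not real credentials or a real webhook payload).
const APP_SECRET = "example-app-secret";
const PAGE_TOKEN = "example-page-token";
const rawBody = Buffer.from('{"object": "page", "entry": [{"id": "1", "text": "ol\\u00e1"}]}');
const header = signPayload(rawBody, APP_SECRET); // what the sender would attach

function demo() {
  // Parsing and re-stringifying drops whitespace and unescapes \u00e1,
  // so the bytes (and therefore the HMAC) no longer match.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(rawBody.toString("utf8"))));
  return {
    rawWithAppSecret: verifySignature(rawBody, header, APP_SECRET),
    rawWithPageToken: verifySignature(rawBody, header, PAGE_TOKEN),
    reserializedBody: verifySignature(reserialized, header, APP_SECRET),
    missingHeader: verifySignature(rawBody, undefined, APP_SECRET),
  };
}

console.log(demo());
```

In an Express route, a `false` result from `verifySignature(req.rawBody, req.headers["x-hub-signature"], secret)` should end the request with an error status before the body is processed.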
