2

I am started to implement some API to my marketplace. I am using Shoppy.gg for get some cryptopayments. And i have got a problem about the verify their callbacks from my back end.

In their documentation explain to how validate shoppy with php:

$signature = hash_hmac('sha512', file_get_contents('php://input'), 'secret');
$is_valid = hash_equals($signature, $_SERVER['HTTP_X_SHOPPY_SIGNATURE']);

And i am trying to do it with nodejs express module

  const signature =  req.header('x-shoppy-signature')
  const verifySignature = sha512(JSON.stringify(req), shoppyWebhookSecret)
  if(signature !== verifySignature) return res.json({status: "error", message: "payment-hash-wrong"})

But in my code, ivgot an exception about Converting circular structure to JSON. Am i understand this documentation wrong ? Shouldnt i create sha512 hash from request by using my secret key ?

Edit: Also i thought maybe it can be gave url encoded string in php and i do it with javascript as coded following:

var verifySignature = sha512(new URLSearchParams(req.body).toString(), shoppyWebhookSecret)

but doesnt works too.

The documentation: https://shoppy.dev/#/webhooks

ayya
  • 21
  • 2

1 Answers1

0

JSON.stringify(req) is not the equivalent to file_get_contents('php://input'). req is a complex object that cannnot be represented as json. That is why you are getting the error Converting circular structure to JSON.

You need to find the equivalent to file_get_contents('php://input') in node.js. This should be the full request-body.

wuerfelfreak
  • 2,118
  • 1
  • 10
  • 24
  • I've tried and researched a lot of things about this. but in no way figure out anything. Do you have an example method in mind? – ayya Dec 31 '20 at 15:40
  • I'm also not very familiar with node. How about using `req.body` by itsself like `sha512(req.body, shoppyWebhookSecret)`? Or something like this [How to access the request body when POSTing using Node.js and Express?](https://stackoverflow.com/a/49943829/8106583)? – wuerfelfreak Dec 31 '20 at 15:49
  • It doesnt gives same result with PHP, also i tried urlencode, json string but all of them doesnt gave same – ayya Dec 31 '20 at 16:01
  • 1
    Then I am out of Ideas. Sorry – wuerfelfreak Dec 31 '20 at 16:02