Xero webhooks with Node-RED; OK, then not OK
I have been dealing with cryptography craziness since yesterday; I've literally lost my sleep over this.
I am implementing a Node-RED solution to get webhooks from Xero to be written in a custom app. I have experienced a lot of issues with the payload and how it needs to be stringified and how it needs to be hashed, but eventually figured it out thanks to a GitHub fellow that posted this code to get the body to its 'raw' state:
let msgPayloadRaw = JSON.stringify(msg.payload).split(':').join(': ').split(': [').join(':[').split(',"entropy"').join(', "entropy"');
I then create a SHA-256 base64 hash to check against the header value using the following JS code:
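// CryptoJS is exposed to the function node through the global context
var cryptojs = context.global.cryptojs;
const webhookKey = 'MyWebhookKeyHere';
// Rebuild the original spacing from the parsed payload (the workaround above)
let msgPayloadRaw = JSON.stringify(msg.payload).split(':').join(': ').split(': [').join(':[').split(',"entropy"').join(', "entropy"');
// Buffer.from replaces the deprecated new Buffer(); the round trip leaves the string unchanged
let bdata = Buffer.from(msgPayloadRaw).toString();
// HMAC-SHA256 of the rebuilt body, keyed with the webhook key
let ciphertext = cryptojs.HmacSHA256(bdata, webhookKey);
// Base64-encode the digest so it can be checked against the header value
let base64encoded = cryptojs.enc.Base64.stringify(ciphertext);
msg.payload = base64encoded;
return msg;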
Now everything should work great, but I get a crazy result showcased in this recording (https://www.dropbox.com/s/4qivll6nv6hedaj/xerowebhook.mp4?dl=0), where the webhook's intent status turns to 'OK', and some seconds later returns to this error:
Retry
We haven’t received a successful response on the most recent delivery attempt and will retry sending with decreasing frequency for an overall period of 24 hours.
Response not 200. Learn more
Last sent at 2022-06-22 11:48:28 UTC
What's the problem?
The problem lies in the HTTP input, where Node-RED parsed the body.
The body needs to be hashed. The body in the HTTP request looks like this:
{"events":[],"firstEventSequence": 0,"lastEventSequence": 0, "entropy": "IVMMHNWPBAZYRZJRCUAQ"}
Notice the spaces after each :
Node-RED converts that body to a JSON object. When I do JSON.stringify(msg.payload); I will get the following:
{"events":[],"firstEventSequence":0,"lastEventSequence":0, "entropy":"IVMMHNWPBAZYRZJRCUAQ"}
which is obviously the same, but technically it is not (due to spaces) and when hashed it generates a different hash value.
The GitHub fellow did that workaround:
JSON.stringify(msg.payload).split(':').join(': ').split(': [').join(':[').split(',"entropy"').join(', "entropy"');
So in order to solve this, I need to find a way to get the raw HTTP input, instead of the parsed one that Node-RED is providing.
Any ideas how to get the raw input?
Comments (1)
Short answer: you don't.
The raw body is not available if the Content-Type header is set to application/json. The bodyParser will kick in and generate the matching JSON object that is passed as the msg.payload.
The httpNodeMiddleware is attached after the bodyParser so the body has already been changed.
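Why the hash changes, as an added example (not code from the question or the answer): the HMAC covers the exact bytes of the request body, so the check only succeeds on the unparsed body and fails on a re-serialised copy. It uses Node's built-in crypto module instead of the CryptoJS global above; the key is the question's placeholder, the body is the question's sample, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed sample: the body exactly as shown in the question, and the
// question's placeholder key (not a real webhook key).
const WEBHOOK_KEY = 'MyWebhookKeyHere';
const RAW_BODY = Buffer.from(
  '{"events":[],"firstEventSequence": 0,"lastEventSequence": 0, "entropy": "IVMMHNWPBAZYRZJRCUAQ"}',
  'utf8'
);

// HMAC-SHA256 over the given bytes, base64-encoded.
function signBody(bodyBytes, key) {
  return crypto.createHmac('sha256', key).update(bodyBytes).digest('base64');
}

// Compare the received signature with the expected one in constant time.
// timingSafeEqual throws on unequal lengths, so the length is checked first.
function verifySignature(bodyBytes, receivedSignature, key) {
  const expected = Buffer.from(signBody(bodyBytes, key), 'base64');
  const received = Buffer.from(String(receivedSignature || ''), 'base64');
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// What the sender would put in the signature header for RAW_BODY.
const headerSignature = signBody(RAW_BODY, WEBHOOK_KEY);

// Parsing and re-serialising drops the spaces after ':' and ','.
const reserialised = Buffer.from(
  JSON.stringify(JSON.parse(RAW_BODY.toString('utf8'))), 'utf8');

function demo() {
  return {
    rawMatches: verifySignature(RAW_BODY, headerSignature, WEBHOOK_KEY),
    reserialisedMatches: verifySignature(reserialised, headerSignature, WEBHOOK_KEY),
    missingHeader: verifySignature(RAW_BODY, undefined, WEBHOOK_KEY),
  };
}

console.log(demo());
```

String patches that restore the spacing only work while the sender's formatting matches the pattern they were written for, which is why the comparison belongs on the bytes as received.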