Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dev #606

Merged
merged 4 commits into from
Aug 2, 2024
Merged

Dev #606

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ export class WebhookController {
@Post('verifyEvent')
async verifyPayloadSignature(@Body() data: SignatureVerificationDto) {
const { payload, signature, secret } = data;
return this.webhookService.verifyPayloadSignature(
return await this.webhookService.verifyPayloadSignature(
payload,
signature,
secret,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,27 +44,32 @@ export class WebhookProcessor {
webhooks_payloads: true,
},
});
const event = await this.prisma.events.findUnique({
where: {
id_event: deliveryAttempt.id_event
}
})

const event = await this.prisma.events.findUnique({
where: {
id_event: deliveryAttempt.id_event,
},
});

// Check if the endpoint is active
if (deliveryAttempt.webhook_endpoints.active) {
try {
// Send the payload to the endpoint URL
//create a signature
const signature = this.webhookService.generateSignature(
deliveryAttempt.webhooks_payloads.data,
deliveryAttempt.webhook_endpoints.secret,
);
const response = await axios.post(
deliveryAttempt.webhook_endpoints.url,
{
id_event: deliveryAttempt.id_event,
data: deliveryAttempt.webhooks_payloads.data,
type: event.type
type: event.type,
},
{
headers: {
'Panora-Signature': deliveryAttempt.webhook_endpoints.secret,
'Panora-Signature': signature,
},
},
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
import { WebhooksError } from '@@core/utils/errors';
import { WebhookDto } from './dto/webhook.dto';
import axios from 'axios';
import crypto from 'crypto';
import { createHmac } from 'crypto';
import { BullQueueService } from '@@core/@core-services/queues/shared.service';

@Injectable()
Expand All @@ -20,8 +20,8 @@

generateSignature(payload: any, secret: string): string {
try {
return crypto
.createHmac('sha256', secret)
this.logger.log('PAYLOAD IS ' + JSON.stringify(payload));
return createHmac('sha256', secret)
.update(JSON.stringify(payload))
.digest('hex');
} catch (error) {
Expand Down Expand Up @@ -144,7 +144,7 @@
});
this.logger.log('adding webhook to the queue ');
// we send the delivery webhook to the queue so it can be processed by our dispatcher worker
const job = await this.queues.getPanoraWebhookSender().add({

Check warning on line 147 in packages/api/src/@core/@core-services/webhooks/panora-webhooks/webhook.service.ts

View workflow job for this annotation

GitHub Actions / Build and Test (18.x)

'job' is assigned a value but never used
webhook_delivery_id: w_delivery.id_webhook_delivery_attempt,
});
} catch (error) {
Expand Down Expand Up @@ -295,11 +295,17 @@
secret: string,
) {
try {
const expected = this.generateSignature(payload, secret);
this.logger.log(
'(verify) PAYLOAD IS ' +
JSON.stringify(payload) +
' data from payload is ' +
JSON.stringify(payload.data),
);
const expected = this.generateSignature(payload.data, secret);
if (expected !== signature) {
throw new WebhooksError({
name: 'INVALID_SIGNATURE_ERROR',
message: `Signature mismatch for the payload received with signature=${signature}`,
message: `Signature mismatch for the payload received with expected=${expected} and signature=${signature}`,
});
}
return payload;
Expand Down
Loading