EasyPost / easypost-node

EasyPost Shipping API Client Library for Node
https://easypost.com/docs/api
MIT License

[Bug]: HMAC encryption mismatch #467

Closed footcarts closed 3 months ago

footcarts commented 3 months ago

Software Version

7.5.0

Language Version

Nodejs

Operating System

Mac OS

What happened?

The weight field in the tracker.updated EasyPost webhook is not properly formatted as JSON. When included, it appears as "weight": 136.0. However, when parsed as JSON, it is always reformatted to "weight": 136. This discrepancy leads to a mismatch of hashes when using the validateWebhook function.

As a result, about 50% of our webhooks are failing because some include a value for weight, while others have a value of null. When the weight field has a value of null, there is no issue with verifying the hash.

To work around this problem, we are using regex to insert the decimal point:

validateWebhook(
  Buffer.from(
    JSON.stringify(req.body).replace(/("weight":)(\d+)(?!\.\d)/g, "$1$2.0")
  ),
  headers["x-hmac-signature"],
  "12345"
);

What was expected?

Expected properly formatted JSON to be encrypted with the secret

Sample Code

No response

Relevant logs

No response

Justintime50 commented 3 months ago

Can confirm, recreated:

JSON.parse(Buffer.from(JSON.stringify({"weight": 136.0})).toString())
{ weight: 136 }

We'll take a look and see about a fix, thanks for reporting this!
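The mismatch reported above, reproduced end to end as an added example (not part of the thread and not easypost-node code): an HMAC covers the exact bytes sent, so a parse and re-stringify round trip that turns `136.0` into `136` invalidates it, while verifying the raw body succeeds. It assumes a hex-encoded HMAC-SHA256 over the raw body; `sign`, `verifyRaw`, `reserialize` and the sample bodies are hypothetical and constructed here.

```javascript
const crypto = require("crypto");

// Assumption: the signature is a hex-encoded HMAC-SHA256 over the exact body bytes.
function sign(bodyBytes, secret) {
  return crypto.createHmac("sha256", secret).update(bodyBytes).digest("hex");
}

// Verify against the bytes as received, using a constant-time comparison.
function verifyRaw(rawBody, signatureHex, secret) {
  const expected = Buffer.from(sign(rawBody, secret), "hex");
  const given = Buffer.from(signatureHex, "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// What a handler has after a JSON body parser ran and the object is re-stringified.
function reserialize(raw) {
  return Buffer.from(JSON.stringify(JSON.parse(raw.toString("utf8"))));
}

// Constructed samples: one body with a float weight, one with a null weight.
const SECRET = "12345"; // placeholder secret, same value as in the thread
const wireBody = Buffer.from('{"id":"evt_1","result":{"weight":136.0,"signed_by":null}}');
const nullBody = Buffer.from('{"id":"evt_1","result":{"weight":null,"signed_by":null}}');

function demo() {
  const roundTripped = reserialize(wireBody);
  return {
    // "136.0" became "136", so the byte string differs from what was signed.
    bytesChanged: !roundTripped.equals(wireBody),
    rawOk: verifyRaw(wireBody, sign(wireBody, SECRET), SECRET),
    roundTripOk: verifyRaw(roundTripped, sign(wireBody, SECRET), SECRET),
    // A null weight survives the round trip byte for byte, so it still verifies.
    nullRoundTripOk: verifyRaw(reserialize(nullBody), sign(nullBody, SECRET), SECRET),
  };
}

console.log(demo());
```

In a real handler this means keeping the request body as a Buffer until the signature has been checked and calling `JSON.parse` only afterwards.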

Justintime50 commented 3 months ago

@footcarts mind sharing what kind of eventBody you are getting for this that's causing troubles? I want to take a look at what kinds of fields/data may be coming through that could also cause this.

footcarts commented 3 months ago

Below is a sample response with some identifying fields redacted. From what I saw it is only the weight field that has this issue. No other integer fields.

{"description":"tracker.updated","mode":"production","previous_attributes":{"status":"in_transit"},"created_at":"2024-08-02T19:26:52.000Z","pending_urls":["https://example.com/easypost"],"completed_urls":[],"updated_at":"2024-08-02T19:26:52.000Z","id":"evt_1","user_id":"user_1","status":"pending","object":"Event","result":{"id":"trk_1","object":"Tracker","mode":"production","tracking_code":"1","status":"in_transit","status_detail":"arrived_at_facility","created_at":"2024-07-31T14:45:27Z","updated_at":"2024-08-02T19:26:51Z","signed_by":null,"weight":136.0,"est_delivery_date":"2024-08-05T00:00:00Z","shipment_id":null,"carrier":"FedEx","tracking_details":[{"object":"TrackingDetail","message":"Shipment information sent to FedEx","description":"Shipment information sent to FedEx","status":"pre_transit","status_detail":"label_created","datetime":"2024-07-31T15:00:00Z","source":"FedEx","carrier_code":"OC","tracking_location":{"object":"TrackingLocation","city":null,"state":null,"country":"US","zip":"32837"}},{"object":"TrackingDetail","message":"Picked up","description":"Picked up","status":"in_transit","status_detail":"arrived_at_facility","datetime":"2024-07-31T19:27:00Z","source":"FedEx","carrier_code":"PU","tracking_location":{"object":"TrackingLocation","city":"ORLANDO","state":"FL","country":"US","zip":"32809"}},{"object":"TrackingDetail","message":"Arrived at FedEx location","description":"Arrived at FedEx location","status":"in_transit","status_detail":"arrived_at_facility","datetime":"2024-07-31T22:35:00Z","source":"FedEx","carrier_code":"AR","tracking_location":{"object":"TrackingLocation","city":"ORLANDO","state":"FL","country":"US","zip":"32809"}},{"object":"TrackingDetail","message":"Departed FedEx location","description":"Departed FedEx location","status":"in_transit","status_detail":"departed_facility","datetime":"2024-08-01T14:42:13Z","source":"FedEx","carrier_code":"DP","tracking_location":{"object":"TrackingLocation","city":"ORLANDO","state":"FL","country":"US","zip":"32809"}},{"object":"TrackingDetail","message":"On the way","description":"On the way","status":"in_transit","status_detail":"unknown","datetime":"2024-08-02T02:46:19Z","source":"FedEx","carrier_code":"IT","tracking_location":{"object":"TrackingLocation","city":"KENLY","state":"NC","country":"US","zip":"27542"}},{"object":"TrackingDetail","message":"On the way","description":"On the way","status":"in_transit","status_detail":"unknown","datetime":"2024-08-02T18:35:20Z","source":"FedEx","carrier_code":"IT","tracking_location":{"object":"TrackingLocation","city":"EDISON TWP","state":"NJ","country":"US","zip":"08817"}},{"object":"TrackingDetail","message":"Arrived at FedEx location","description":"Arrived at FedEx location","status":"in_transit","status_detail":"arrived_at_facility","datetime":"2024-08-02T18:50:00Z","source":"FedEx","carrier_code":"AR","tracking_location":{"object":"TrackingLocation","city":"EDISON","state":"NJ","country":"US","zip":"08817"}}],"carrier_detail":{"object":"CarrierDetail","service":"FEDEX_GROUND","container_type":null,"est_delivery_date_local":"2024-08-05","est_delivery_time_local":null,"origin_location":"ORLANDO FL US","origin_tracking_location":{"object":"TrackingLocation","city":"ORLANDO","state":"FL","country":"US","zip":"32809"},"destination_location":"BROOKLYN HGTS NY US","destination_tracking_location":null,"guaranteed_delivery_date":null,"alternate_identifier":null,"initial_delivery_attempt":null},"finalized":false,"is_return":false,"public_url":"https://track.easypost.com/1"}}