Vonage.sms.verifySignature doesn't work with inbound SMS message

jjtindale commented 8 months ago

Following this guide leads to an error in verifySignature. This is because the inbound parameters are not all a string; some are nested JSON objects (e.g. usage and sms), and the library tries to call .replace() on these objects here, leading to TypeError: params[key].replace is not a function.

{
    to: '<our vonage number>',
    from: '<my mobile number>',
    channel: 'sms',
    message_uuid: '<the uuid>',
    timestamp: '<the timestamp>',
    usage: { price: '<number>', currency: '<currency>' },
    message_type: 'text',
    text: '<the text>',
    context_status: 'none',
    sms: { num_messages: '1', count_total: '1' }
}

Expected Behavior

verifySignature should work in the context of inbound SMS messages.

Current Behavior

TypeError: params[key].replace is not a function

Possible Solution

The solution depends on how the signature is meant to be calculated based on these nested fields.

Steps to Reproduce (for bugs)

Call new Vonage(new Auth(...)).sms.verifySignature() using the object linked above as the request body (which is what you receive for the inbound SMS event webhook).
TypeError: params[key].replace is not a function

Your Environment

SDK Version: "@vonage/server-sdk": "^3.10.0"
Node Version: (e.g. Node 10.18): v18.18.0
Operating System and version: macOS 14.0

manchuck commented 8 months ago

@jjtindale are you using the messages API? The payload looks like it is for the messages webhook

manchuck commented 8 months ago

@jjtindale If that is the case, you can follow this snippet here: https://github.com/Vonage/vonage-node-code-snippets/blob/master/messages/signed-webhooks/verify-signed-webhook.js

I will work with our team to clarify that page you posted

manchuck commented 5 months ago

@jjtindale The page and code snippet have been updated. Sorry for the inconvenience

Vonage / vonage-node-sdk