search

alexa-js / alexa-verifier-middleware

An express middleware that verifies HTTP requests sent to an Alexa skill are sent from Amazon.
MIT License
31 stars 6 forks source link

Can't use this with Firebase functions #27

Closed tpaustin closed 9 months ago

tpaustin commented 6 years ago

Firebase parses the body automatically and there is no way to change that.

However, the rawBody is available after parsing so this can still be used.

I was able to modify the code to get around this for firebase, but am not sure if this is a reasonable solution:

module.exports = function alexaVerifierMiddleware(req, res, next) {    
    if (req._body && !req.rawBody) {
        var er = 'The raw request body has already been parsed.'
        return res.status(400).json({ status: 'failure', reason: er })
    }

    if (req.rawBody) {
        certUrl = req.headers.signaturecertchainurl
        signature = req.headers.signature

        verifier(certUrl, signature, req.rawBody, function(er) {
            if (er) {
                res.status(400).json({ status: 'failure', reason: er })
            } else {
                next()
            }
        })    
    } else {
        // TODO: if _rawBody is set and a string, don't obliterate it here!

        // mark the request body as already having been parsed so it's ignored by
        // other body parser middlewares
        req._body = true
        req.rawBody = ''
        req.on('data', function(data) {
            return req.rawBody += data
        })

        req.on('end', function() {
            var certUrl, er, error, signature

            try {
                req.body = JSON.parse(req.rawBody)
            } catch (error) {
                er = error
                req.body = {}
            }

            certUrl = req.headers.signaturecertchainurl
            signature = req.headers.signature

            verifier(certUrl, signature, req.rawBody, function(er) {
                if (er) {
                    res.status(400).json({ status: 'failure', reason: er })
                } else {
                    next()
                }
            })
        })
    }
}
tejashah88 commented 6 years ago

Unfortunately I cannot make a patch for this until I can validate that your proposed fix works. That means writing some unit tests in the process. If you want, you can send a PR with some unit tests!

tpaustin commented 6 years ago

Understood. I'll give it a shot :)

On Fri, Jan 12, 2018 at 3:07 PM, Tejas Shah notifications@github.com wrote:

Unfortunately I cannot make a patch for this until I can validate that your proposed fix works. That means writing some unit tests in the process. If you want, you can send a PR with some unit tests!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/alexa-js/alexa-verifier-middleware/issues/27#issuecomment-357379172, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOwNILnq6nAARUGv5JGqGZE-6aA8C5Rks5tJ-WdgaJpZM4RPTFp .

tejashah88 commented 6 years ago

Hey @tpaustin, any update on this?

tejashah88 commented 9 months ago

Closing. If this still needs attention, feel free to re-open