search

sendgrid / sendgrid-nodejs

The Official Twilio SendGrid Led, Community Driven Node.js API Library
https://sendgrid.com
MIT License
2.98k stars 781 forks source link

Can't validate eventHook signature, help! #1411

Open zheng-liu-seattle opened 1 month ago

zheng-liu-seattle commented 1 month ago 
 const signature = req.headers[
   EventWebhookHeader.SIGNATURE().toLowerCase()
  ] as string;
  const timestamp = req.headers[
    EventWebhookHeader.TIMESTAMP().toLowerCase()
  ] as string;

  const payload = JSON.stringify(req.body).split('},{').join('},\r\n{') + '\r\n';

  if (!signature || !timestamp) {
    res.status(401).json(UNAUTHORIZED);
    return;
  }
  try {
    const eventWebhook = new EventWebhook();
    const isValid = eventWebhook.verifySignature(
      eventWebhook.convertPublicKeyToECDSA(publicKey),
      payload,
      signature,
      timestamp
    );
    }

isValid is always false... verified both timestamp and signature are there.

hss-iullah commented 2 weeks ago

I spent days looking into this, using the EXACT code supplied by Sendgrid. Spent weeks with their support team who just kept sending me the same stackoverflow links that I'd already read. In the end I decided to remove the equivalent to this in their python code. const payload = JSON.stringify(req.body).split('},{').join('},\r\n{') + '\r\n';

I then removed it from the node js code and it worked. Poor documentation. The forums are full of it.