search

twilio / twilio-node

Node.js helper library
MIT License
1.37k stars 495 forks source link

Express middleware doesn't work with query strings #942

Open asportnoy opened 1 year ago

asportnoy commented 1 year ago

Issue Summary

This was originally posted on StackOverflow and confirmed to be an issue by a Twilio employee.

The built-in Express middleware for webhook validation doesn't seem to work properly with query strings. According to the Twilio employee's response, the validateRequest will work for this, though I did not test that.

Steps to Reproduce

  1. Set up a webhook to a URL with a query string (I used a statusCallback URL)
  2. Handle that request with the webhook middleware
  3. Observe that the validation fails
  4. Remove the query string from the URL and verify that it works without the query string.

Code Snippet

const TwilioClient = Twilio(process.env.TWILIO_ACCOUNT_SID, process.env.TWILIO_AUTH_TOKEN);

TwilioClient.messages.create({
    body: message,
    from: fromNumber,
    to: toNumber,
    statusCallback: 'https://example.com/webhook/twilio?id=12345',
});

// ...

router.post(
    '/twilio',
    twilio.webhook({
        authToken: process.env.TWILIO_AUTH_TOKEN,
        host: 'example.com',
        validate: true,
    }),
    async (req, res) => { /* ... */ },
);

Exception/Log

N/A but request returns a 403 due to the validation failing.

Technical details: