search

woocommerce / wc-api-node

This client is obsolete and will no longer receive updates, a new JavaScript library is available under the name of @woocommerce/woocommerce-rest-api
https://www.npmjs.com/package/woocommerce-api
MIT License
144 stars 63 forks source link

Woocommerce Webhook Signatures Don't match #66

Closed Andriy-Kulak closed 7 years ago

Andriy-Kulak commented 7 years ago

I have been attempting to make my woocommerce webhooks more secure by verifying the signature in the request headers but I have not be been able to get signatures to match at the moment so I am looking for some guidance.

The code below is what I use to compute the signature (aka computedSignature) in Node Js and compare it to what woocommerce webhook sends (signature).

Does anyone have any ideas or suggestions?

function processWebHookSignature(secret, body, signature) {
  const signatureComputed = crypto.createHmac('SHA256', secret).update(
  new Buffer(JSON.stringify(body), 'utf8')).digest('base64');
  console.log('signatureComputed =====', signatureComputed);
  console.log('signature =====', signature);
  return (signatureComputed === signature);
}

// executing
processWebHookSignature(WEBHOOK_SECRET, req.body, req.headers['x-wc-webhook-signature']);
claudiosanches commented 7 years ago

This question does not sound like related to this REST API library. Better try the WooCommerce support channel: https://wordpress.org/support/plugin/woocommerce