
Securing uber webhook not working


For some reason I can't make this work

const crypto = require('crypto')

const hmac = crypto.createHmac('sha256', 'clientSecret')
const hash = hmac.update(JSON.stringify(req.body)).digest('hex')

if (hash !== req.header('X-Uber-Signature')) {
   return res.json('something is wrong ' + hash + ' ' + req.header('X-Uber-Signature'))
}

return res.json('you got in!')

I'm following the instructions here https://developer.uber.com/docs/riders/guides/webhooks#security

but the hash is generating a different value

Other approaches are welcome too.


Solution

  • I had the same problem. Uber sends JSON with spaces before keys and values, like this:

    {"event_id": "...", "resource_href": "...", "meta": {"status": "...", "rider_id": "...", "user_id": "...", "resource_id": "..."}, "event_type": "...", "event_time": ...}
    

    You can do this before activating bodyParser, and create the hex from this data:

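    app.use(function (req, res, next) {
        // Collect the body exactly as it was received
        let data = "";
        req.on('data', function (chunk) { data += chunk; });
        req.on('end', function () {
            req.jsonBody = JSON.parse(data);
            req.rawBody = data;
            req.originalUberReq = data; // the string the signature is computed over
        });
        // next() is called immediately; the fields above are set once 'end' fires
        next();
    });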
    

    then

    const hash = crypto.createHmac('sha256', secret)
    .update(req.originalUberReq)
    .digest('hex');
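
The mismatch described in the question and answer above, as an added example that is not part of the original posts: the HMAC only verifies over the bytes as received, and re-serializing the parsed JSON drops the spaces. The secret, sample body, and function names are constructed for illustration, and the comparison uses `crypto.timingSafeEqual` rather than `!==`.

```javascript
// Added example (not from the original posts): verify a webhook HMAC-SHA256
// over the raw request bytes, using only the Node.js standard library.
const crypto = require('crypto');

// Hex HMAC-SHA256 of the exact bytes received.
function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Returns true only when the header value matches the HMAC of the raw body.
function verifySignature(rawBody, headerValue, secret) {
  // Reject a missing header or anything that is not a 64-character hex digest.
  if (typeof headerValue !== 'string' || !/^[0-9a-f]{64}$/i.test(headerValue)) {
    return false;
  }
  const expected = Buffer.from(signBody(rawBody, secret), 'hex');
  const received = Buffer.from(headerValue, 'hex');
  // Both buffers are 32 bytes here, so timingSafeEqual will not throw.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample data: the body has a space after ':' and ',' like the
// payload shown in the answer. The secret is a placeholder.
const SAMPLE_SECRET = 'constructed-client-secret';
const SAMPLE_RAW = Buffer.from(
  '{"event_id": "abc", "meta": {"status": "completed"}, "event_type": "sample.event"}'
);
const SAMPLE_HEADER = signBody(SAMPLE_RAW, SAMPLE_SECRET); // what the sender would put in the header

function demo() {
  // What JSON.stringify(req.body) produces after parsing: same data, no spaces.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(SAMPLE_RAW.toString('utf8'))));
  const tampered = Buffer.from(SAMPLE_RAW.toString('utf8').replace('completed', 'cancelled'));
  return {
    raw: verifySignature(SAMPLE_RAW, SAMPLE_HEADER, SAMPLE_SECRET),
    reserialized: verifySignature(reserialized, SAMPLE_HEADER, SAMPLE_SECRET),
    tampered: verifySignature(tampered, SAMPLE_HEADER, SAMPLE_SECRET),
  };
}

console.log(demo());
```

With body-parser, the `verify` option of `bodyParser.json()` receives the raw Buffer before parsing and is another place to capture the bytes for this check.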