koa-shopify-auth icon indicating copy to clipboard operation
koa-shopify-auth copied to clipboard

Published 20 hours ago verified publisher icon Shopify

HMAC verification and Koa Body Parser

Open lexus65 opened this issue 3 years ago • 3 comments

Struggling with HMAC verification.

But if I'm adding koaBody parser, it hangs up.

I expect it to validate hmac and return 401 if not valid. If HMAC is fine then process webhook.

Any ideas how to solve it?

router.post("/webhooks", koaBody({includeUnparsed: true}), async (ctx, next) => { try { if(!webhookValid(ctx.request.body[unparsed], ctx.req.headers["x-shopify-hmac-sha256"])){ ctx.throw('INVALID HMAC', 401); return next(); }

await Shopify.Webhooks.Registry.process(ctx.req, ctx.res); } catch (err) { console.error(err); err.status = err.statusCode || err.status || 401; throw err; } console.log(Webhook processed with status code 200); });

lexus65 avatar Jan 16 '22 22:01 lexus65

@lexus65 fyi @shopify/koa-shopify-webhooks

devopsangel avatar Jan 17 '22 02:01 devopsangel

@devopsangel thanks, but what is your idea?

lexus65 avatar Jan 17 '22 08:01 lexus65

You can validate webhooks using that library. It will act as middleware.

devopsangel avatar Jan 17 '22 13:01 devopsangel

Note that this repo is no longer maintained and this issue will not be reviewed. Prefer the official JavaScript API library. If you still want to use Koa, see simple-koa-shopify-auth for a potential community solution.

github-actions[bot] avatar Jan 30 '23 20:01 github-actions[bot]