oapi-sdk-python icon indicating copy to clipboard operation
oapi-sdk-python copied to clipboard

Published 20 hours ago verified publisher icon larksuite

卡片回调的_verify函数存在问题

Open Cidyerlia opened this issue 7 months ago • 5 comments

飞书文档里描述安全验证需要ENCRYPT_KEY和sha256作为哈希函数运算,然后和飞书header里的签名做验证。但是CardActionHandler里_verify函数的实现方式是利用VERIFICATION_TOKEN和sha1函数运算,导致签名无法通过验证。 此外,解密方法也有问题,安全验证后,无法把body解密

Cidyerlia avatar Jul 24 '24 06:07 Cidyerlia