我正在尝试使用Node.js和Express验证从TrialPay发送的消息. TrialPay使用HMAC-MD5哈希对请求进行签名,并在验证时提供
these instructions.
这是我的代码:
app.post('/trialpay',function(req,res) {
var key = "[MY MERCHANT KEY]";
var hash = req.header("TrialPay-HMAC-MD5");
var data = req.body.toString();
var crypted = require("crypto").createHmac("md5",key)
.update(data)
.digest("hex");
if (hash == crypted) {
res.writeHead(200,{"Content-Type": "plain/text"});
res.end("Success!");
} else {
throw new Error("Invalid TrialPay Hash");
}
});
显然,这不起作用(哈希不匹配).
免责声明:我对Node.js非常陌生,并且开始时只有很少的Javascript经验.
UPDATE
我没有意识到链接受到保护.
TrialPay uses your Notification-Key (set in your account information)
as the secret key to sign the HMAC. For GET requests the query string
that follows the question mark (in the URL) is signed. For POST
requests the entire POST body is signed.
以下是TrialPay如何指示您在Google App Engine(Python)中进行验证的示例:
class MyHandler(webapp.RequestHandler):
def post(self):
key = '[YOUR MERCHANT KEY]'
tphash = self.request.headers['TrialPay-HMAC-MD5']
if hmacmd5(key,self.request.body) != tphash:
logging.info('invalid trialpay hash')
return
更新2
req.body打印出来:
{
oid: 'sample-order-id',sid: 'customer-sid',order_date: '04/24/2012',timestamp: '04/24/2012 16:28:46',first_name: 'customer-firstname',last_name: 'customer-lastname',email: 'customer@trialpay.com',revenue: '10.00',zip_code: '94041',country: 'US'
}
解决方法
这应该是诀窍:
var crypto = require('crypto');
function calculateSignature(key) {
return function(req,res,next) {
var hash = req.header("TrialPay-HMAC-MD5"),hmac = crypto.createHmac("md5",key);
req.on("data",function(data) {
hmac.update(data);
});
req.on("end",function() {
var crypted = hmac.digest("hex");
if(crypted === hash) {
// Valid request
return res.send("Success!",{ "Content-Type": "text/plain" });
} else {
// Invalid request
return res.send("Invalid TrialPay hash",{ "Content-Type": "text/plain" },403);
}
});
req.on("error",function(err) {
return next(err);
});
}
}
app.post("/trialpay",calculateSignature("[MY MERCHANT KEY]"));
原文地址:https://www.jb51.cc/js/157497.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
