我在这里执行代码:https://kiewic.com/validate-x-hub-signatue用于验证标头的签名,我认为除了"buf"之外,我已经完全正确并理解了它。我从来没有听说过缓冲区,通过一些研究,我认为(?(我已经得出结论,request.rawBody应该是一个论点,但我没有信心。
// Sends the post body into the db and the header is used to validate the post
exports.addEvent = functions.https.onRequest((request, resolve) => {
if (request.method !== "POST") {
resolve.status(400).send('Please send a POST request')
return
}
//This checks if the request is valid
if (!verifyRequest(request, request.rawBody)) {
request.rawBody是正确的论点吗作为"buf">
resolve.status(400).send('Please send a valid request')
return
}
// adds post body to the db
fb.db.collection("fbCollectionToAddTo").add(request.body)
return
})
// Calculate the Signature header value.
function getSignature(buf) {
var hmac = crypto.createHmac("sha1", "SECRETSTRING")
hmac.update(buf, "utf-8")
return "sha1=" + hmac.digest("hex")
}
// Verifies that the signature is correct
function verifyRequest(req, buf) {
var expected = req.headers['Signature']
var calculated = getSignature(buf)
console.log("Signature:", expected, "Content:", "-" + buf.toString('utf8') + "-")
if (expected !== calculated) {
console.log("Invalid signature.")
return false
} else {
console.log("Valid signature!")
return true
}
}
根据Cloud Functions文档和这个问题,request.rawBody实际上是一个包含整个请求体的缓冲区。我不知道这对你的具体情况是否正确。如果verifyRequest期望得到rest主体作为它的第二个参数,那么是的,看起来是可以的