javascript – 使用Node.js,Express和Trialpay进行HMAC MD5验证

前端之家收集整理的这篇文章主要介绍了javascript – 使用Node.js,Express和Trialpay进行HMAC MD5验证前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在尝试使用Node.js和Express验证从TrialPay发送的消息. TrialPay使用HMAC-MD5哈希对请求进行签名,并在验证时提供 these instructions.

这是我的代码

app.post('/trialpay',function(req,res) {

    var key = "[MY MERCHANT KEY]";
    var hash = req.header("TrialPay-HMAC-MD5");
    var data = req.body.toString();

    var crypted = require("crypto").createHmac("md5",key)
        .update(data)
        .digest("hex");

    if (hash == crypted) {
        res.writeHead(200,{"Content-Type": "plain/text"});
        res.end("Success!");
    } else {
        throw new Error("Invalid TrialPay Hash");
    }  
});

显然,这不起作用(哈希不匹配).

免责声明:我对Node.js非常陌生,并且开始时只有很少的Javascript经验.

UPDATE

我没有意识到链接受到保护.

TrialPay uses your Notification-Key (set in your account information)
as the secret key to sign the HMAC. For GET requests the query string
that follows the question mark (in the URL) is signed. For POST
requests the entire POST body is signed.

以下是TrialPay如何指示您在Google App Engine(Python)中进行验证的示例:

class MyHandler(webapp.RequestHandler):
  def post(self):
  key = '[YOUR MERCHANT KEY]'
  tphash = self.request.headers['TrialPay-HMAC-MD5'] 
  if hmacmd5(key,self.request.body) != tphash:
    logging.info('invalid trialpay hash')
    return

更新2

req.body打印出来:

{ 
  oid: 'sample-order-id',sid: 'customer-sid',order_date: '04/24/2012',timestamp: '04/24/2012 16:28:46',first_name: 'customer-firstname',last_name: 'customer-lastname',email: 'customer@trialpay.com',revenue: '10.00',zip_code: '94041',country: 'US' 
}

解决方法

这应该是诀窍:
var crypto = require('crypto');

function calculateSignature(key) {
    return function(req,res,next) {
        var hash = req.header("TrialPay-HMAC-MD5"),hmac = crypto.createHmac("md5",key);

        req.on("data",function(data) {
            hmac.update(data);
        });

        req.on("end",function() {
            var crypted = hmac.digest("hex");

            if(crypted === hash) {
                // Valid request
                return res.send("Success!",{ "Content-Type": "text/plain" });
            } else {
                // Invalid request
                return res.send("Invalid TrialPay hash",{ "Content-Type": "text/plain" },403);
            }
        });

        req.on("error",function(err) {
            return next(err);
        });
    }
}

app.post("/trialpay",calculateSignature("[MY MERCHANT KEY]"));

猜你在找的JavaScript相关文章