Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webhook example #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Webhook example #3

wants to merge 1 commit into from

Conversation

rubenofen
Copy link

No description provided.

@opimand
Copy link

opimand commented May 15, 2023

The result of verifyWebhookSignature() is always false for me. Have no idea where is a problem, the code was just rewritten for Typescript

const verifyWebhookSignature = async (
    binancePayTimestamp: string,
    binancePayNonce: string,
    bianacePaySignature: string,
    data: any
): Promise<boolean> => {
    console.log("Verifying Signature...");
    const payload = `${binancePayTimestamp}\n${binancePayNonce}\n${JSON.stringify(
        data
    )}`;
    const publicKey = await getPubKey();
    console.log("PublicKey: ", publicKey);

    const decodedSignature = Buffer.from(bianacePaySignature, "base64");

    const verify = crypto.createVerify("SHA256");
    verify.write(payload);
    verify.end();

    return await verify.verify(publicKey, decodedSignature);
};

@phDooY
Copy link

phDooY commented Sep 8, 2023

any luck? also failing to verify signature

@phDooY
Copy link

phDooY commented Sep 8, 2023

In case someone stumbles upon same issue, I was trying to go through troubleshooting FAQ here and through extensive logging realized that in js/typescript bizId Binance pay returns is a very large number beyond js capabilities. So the bizId from example 29383937493038367292 turns on JSON.stringify() of the body to 29383937493038367000

@phDooY
Copy link

phDooY commented Sep 9, 2023
edited
Loading

My version of working workaround is following:

const verifyWebhookSignature = async (
    binancePayTimestamp: string,
    binancePayNonce: string,
    bianacePaySignature: string,
    data: any
): Promise<boolean> => {
    console.log("Verifying Signature...");
    const dataModified = { ...data, bizId: data.bizIdStr };
    const payload = `${binancePayTimestamp}\n${binancePayNonce}\n${JSON.stringify(
        dataModified
    ).replace(/"bizId":"(\d+)"/g, '"bizId":$1')}\n`;
    const publicKey = await getPubKey();
    console.log("PublicKey: ", publicKey);

    const decodedSignature = Buffer.from(bianacePaySignature, "base64");

    const verify = crypto.createVerify("SHA256");
    verify.write(payload);
    verify.end();

    return await verify.verify(publicKey, decodedSignature);
};

bizIdStr is a mandatory param in webhook, so I replace bizId with it, and later on remove quotes from stringified data around bizId value

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@2pd 2pd

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rubenofen @opimand @phDooY @2pd