request.rawBody 是缓冲区吗?我对定义 'buf' 感到困惑
Is request.rawBody a buffer? I'm confused on defining 'buf'
我按照这里的代码:https://kiewic.com/validate-x-hub-signatue 来验证 header 的签名,我想除了 'buf' 之外,我已经完全正确并理解了。我从来没有听说过缓冲区,并且通过一些研究我认为(?)我得出的结论是 request.rawBody 应该是论点,但我没有信心。
// Sends the post body into the db and the header is used to validate the post
exports.addEvent = functions.https.onRequest((request, resolve) => {
if (request.method !== "POST") {
resolve.status(400).send('Please send a POST request')
return
}
//This checks if the request is valid
if (!verifyRequest(request, request.rawBody)) {
request.rawBody 是正确的论点吗? ^^^^^^^^^^^^^^ 为 'buf'
resolve.status(400).send('Please send a valid request')
return
}
// adds post body to the db
fb.db.collection("fbCollectionToAddTo").add(request.body)
return
})
// Calculate the Signature header value.
function getSignature(buf) {
var hmac = crypto.createHmac("sha1", "SECRETSTRING")
hmac.update(buf, "utf-8")
return "sha1=" + hmac.digest("hex")
}
// Verifies that the signature is correct
function verifyRequest(req, buf) {
var expected = req.headers['Signature']
var calculated = getSignature(buf)
console.log("Signature:", expected, "Content:", "-" + buf.toString('utf8') + "-")
if (expected !== calculated) {
console.log("Invalid signature.")
return false
} else {
console.log("Valid signature!")
return true
}
}
根据 Cloud Functions documentation and ,request.rawBody 实际上是一个包含整个请求主体的缓冲区。我不知道这是否适合您的具体情况。如果 verifyRequest 期望将其余主体作为其第二个参数,那么是的,看起来没问题。
我按照这里的代码:https://kiewic.com/validate-x-hub-signatue 来验证 header 的签名,我想除了 'buf' 之外,我已经完全正确并理解了。我从来没有听说过缓冲区,并且通过一些研究我认为(?)我得出的结论是 request.rawBody 应该是论点,但我没有信心。
// Sends the post body into the db and the header is used to validate the post
exports.addEvent = functions.https.onRequest((request, resolve) => {
if (request.method !== "POST") {
resolve.status(400).send('Please send a POST request')
return
}
//This checks if the request is valid
if (!verifyRequest(request, request.rawBody)) {
request.rawBody 是正确的论点吗? ^^^^^^^^^^^^^^ 为 'buf'
resolve.status(400).send('Please send a valid request')
return
}
// adds post body to the db
fb.db.collection("fbCollectionToAddTo").add(request.body)
return
})
// Calculate the Signature header value.
function getSignature(buf) {
var hmac = crypto.createHmac("sha1", "SECRETSTRING")
hmac.update(buf, "utf-8")
return "sha1=" + hmac.digest("hex")
}
// Verifies that the signature is correct
function verifyRequest(req, buf) {
var expected = req.headers['Signature']
var calculated = getSignature(buf)
console.log("Signature:", expected, "Content:", "-" + buf.toString('utf8') + "-")
if (expected !== calculated) {
console.log("Invalid signature.")
return false
} else {
console.log("Valid signature!")
return true
}
}
根据 Cloud Functions documentation and request.rawBody 实际上是一个包含整个请求主体的缓冲区。我不知道这是否适合您的具体情况。如果 verifyRequest 期望将其余主体作为其第二个参数,那么是的,看起来没问题。