@jpbs/common 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -7,7 +7,8 @@ exports.verifyGatewayToken = void 0;
|
|
|
7
7
|
const crypto_1 = __importDefault(require("crypto"));
|
|
8
8
|
const notauthorized_error_1 = require("../errors/notauthorized-error");
|
|
9
9
|
const verifySignature = (data, secret, timestamp, receivedSignature) => {
|
|
10
|
-
const
|
|
10
|
+
const expectedData = data && data.length > 0 ? data : '';
|
|
11
|
+
const expectedSignature = crypto_1.default.createHmac("sha256", secret).update(`${expectedData}.${timestamp}`).digest("hex");
|
|
11
12
|
return expectedSignature === receivedSignature;
|
|
12
13
|
};
|
|
13
14
|
const verifyGatewayToken = (gatewaySecret) => (req, _res, next) => {
|
|
@@ -21,7 +22,10 @@ const verifyGatewayToken = (gatewaySecret) => (req, _res, next) => {
|
|
|
21
22
|
if (Math.abs(currentTime - requestTime) > 2 * 60 * 1000) {
|
|
22
23
|
throw new notauthorized_error_1.NotAuthorizedError("Unauthorized request source: Expired Request");
|
|
23
24
|
}
|
|
24
|
-
|
|
25
|
+
const serializedData = req.method.toUpperCase() !== 'GET' && req.body && Object.keys(req.body).length > 0
|
|
26
|
+
? JSON.stringify(req.body)
|
|
27
|
+
: '';
|
|
28
|
+
if (!verifySignature(serializedData, gatewaySecret, timestamp, signature)) {
|
|
25
29
|
throw new notauthorized_error_1.NotAuthorizedError("Unauthorized request source: Invalid Signature");
|
|
26
30
|
}
|
|
27
31
|
next();
|