Back
Webhook verification
So Im trying to verify my webhooks like stated in the docs but I weirdly get it to work on one webhook but not on two others.
My middleware code is this:
TypeScript
app.use((req, res, next) => {
logger.info(`${req.method} ${req.originalUrl} | ${req.ip}`);
if (!req.ip) return res.status(401).json({message: 'Unauthorized'});
const requestIp = req.ip.replace('::ffff:', '');
if (requestIp !== process.env.AUTHORIZED_IP) return res.status(401).json({message: 'Unauthorized'});
console.log('made it 1')
const signatureHeader = req.headers['x-appwrite-webhook-signature'];
const userAgent = req.headers["user-agent"];
const token = generateWebhookSignature(req.body, `${req.protocol}://${req.get("host")}${req.originalUrl}`);
console.log(token)
console.log(signatureHeader)
if (!userAgent || !userAgent.startsWith('Appwrite-Server')) return res.status(401).json({message: 'Unauthorized'});
console.log('made it 2')
if (!signatureHeader || signatureHeader !== token) return res.status(401).json({message: 'Unauthorized'});
console.log('made it 3')
next();
})
TypeScript
export const generateWebhookSignature = (payload: any, url: string) => {
console.log(url + JSON.stringify(payload))
return crypto
.createHmac("sha1", process.env.APPWRITE_SIG_KEY || "")
.update(url + JSON.stringify(payload))
.digest("base64");
};
As I said weirdly enough this generates the correct signature when a webhook is received by a document creation in my database but it generates different signatures when a document is deleted/updated and thus "fails" to authorize. Am I doing something wrong?
TL;DR
Developers are facing issues with webhook verification for different events. The signature generated does not match for document deletion and update, causing authorization to fail. Ensure that the payload includes all necessary data and is consistent for all events to generate the correct signature.These are the webhooks:
TypeScript
import {Router} from 'express';
const router = Router();
router.post('/database/events/create', (req, res) => {
console.log("create")
res.status(200).send({ success: true });
});
router.post('/database/events/update', (req, res) => {
console.log("update")
res.status(200).send({ success: true });
});
router.post('/database/events/delete', (req, res) => {
console.log("delete")
res.status(200).send({ success: true });
});
export default router;
