How to get the raw request body in Play?

Question

My play application has an endpoint for receiving webhooks from Stripe.

In order to verify the webhooks, the request body needs to be compared against a signature and a signing key. This requires that I have access to the raw request body, as sent.

However, it seems that Play alters the request body, and I can't get access to the raw contents. This causes the computed signature to change, and the verification fails. More info: https://stackoverflow.com/a/43894244/49153

Here's my code:

@Singleton
class WebhookController @Inject()(cc : ControllerComponents,
                                  env: Env)
                                 (implicit ec: ExecutionContext)
  extends AbstractController(cc) {

  private val log = Logger("WebhookController")


  def index(): Action[AnyContent] = Action.async { implicit req =>

      val signature =
          req.headers.headers.find(_._1 == "Stripe-Signature").map(_._2).getOrElse("").trim

      if (verifySignature(req.body.toString, signature, env.webhookSecretKey))
        Future.successful(ok("ok"))
      else
          Future.successful(ok("Couldn't verify signature"))
  }


}

Here I'm trying to access the body using req.body.toString but it looks to be the deserialized json rather than the raw body.

Using req.body.asRaw returns a none.

Any ideas?

score 2 · Accepted Answer · answered Dec 14 '19 at 05:26

2

Solved this by using Action.async(parse.raw) and then doing req.body.asBytes().map(_.utf8String).getOrElse("") to obtain the raw string of the body. Some more info: https://www.playframework.com/documentation/2.7.x/ScalaBodyParsers

answered Dec 14 '19 at 05:26

Ali

261,656
265
575
769

How to get the raw request body in Play?

1 Answers1

Linked