I'm working on Cloud Functions, and I'm receiving a webhook as JSON. The origin says there is a specific header (let's call it myHeader for this question). Once I access the header, it gives me the output, on the console, as SHA256=<key>, but I don't know how to tell whether that header is correct from the origin or whether it was modified. The origin page says:

The endpoint receiving the payload must validate the payload by checking that the HTTP header -myHeader- of the callback matches the HMAC256 of the secret on the payload's body bytes.

So, looking on the internet, I found some kind of decoding, but on Cloud Functions it didn't work:

import firebase_admin
from firebase_admin import credentials
from firebase_admin import firestore
import base64
import json
import hmac, hashlib

# Use the application default credentials
cred = credentials.ApplicationDefault()
firebase_admin.initialize_app(cred, {
    'projectId': 'my-project-id',
})

db = firestore.client()

def webhook(request):
    myToken = "2ET#####################sB" #Secret from origin
    signature = request.headers['BTCPAY-SIG']
    request_json = request.get_json()
    print(signature)
    print('Validate?',
        _generate_signature(json.dumps(request_json), myToken)
    )
    return f'Hello World!'

def _generate_signature(data, myToken): #Code from https://stackoverflow.com/questions/31848293/python3-and-hmac-how-to-handle-string-not-being-binary
    key = myToken # Defined as a simple string.
    key_bytes= bytes(key , 'latin-1') # Commonly 'latin-1' or 'utf-8'
    data_bytes = bytes(data, 'latin-1') # Assumes `data` is also a string.
    return hmac.new(key_bytes, data_bytes , hashlib.sha256).hexdigest()

In one execution it prints sha256=790381c187##########################683447e4 and ebbadc3574####################221717ccef7496890, and the secret provided by the origin is something like 2ET#####################sB. So nothing is equal, and I don't know what I have to compare or validate.

Donnald Cucharo
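An added example, not part of the original question or the origin's documentation: checking a sha256=<hex> signature header against the HMAC-SHA256 of the raw body bytes, and showing why a parsed and re-dumped JSON body gives a different digest. The secret, the body and the helper names are constructed for illustration, and UTF-8 encoding of the secret is an assumption.

```python
import hashlib
import hmac
import json

# Constructed sample values (not taken from the page).
SAMPLE_SECRET = "constructed-secret"
SAMPLE_BODY = b'{"deliveryId":"abc", "type":"InvoiceSettled","amount":1.50}'


def verify_signature(raw_body: bytes, header_value: str, secret: str) -> bool:
    """True if header_value ("sha256=<hex>") is the HMAC-SHA256 of raw_body."""
    algo, sep, received_hex = header_value.strip().partition("=")
    if not sep or algo.lower() != "sha256":
        return False
    # Assumption: the shared secret is used as UTF-8 bytes.
    expected_hex = hmac.new(secret.encode("utf-8"), raw_body,
                            hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    return hmac.compare_digest(expected_hex.encode("ascii"),
                               received_hex.strip().lower().encode("utf-8"))


def sender_header(body: bytes, secret: str) -> str:
    """Demo helper: the header value a sender would compute for this body."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def reserialized(body: bytes) -> bytes:
    """Parse the JSON and dump it again, as json.dumps(get_json()) does."""
    return json.dumps(json.loads(body)).encode("utf-8")


# In a Cloud Function (Flask request object) the inputs would be:
#   raw_body = request.get_data()                  # exact bytes as received
#   header   = request.headers.get("BTCPAY-SIG", "")
if __name__ == "__main__":
    header = sender_header(SAMPLE_BODY, SAMPLE_SECRET)
    print("raw bytes verify:  ", verify_signature(SAMPLE_BODY, header, SAMPLE_SECRET))
    # Re-dumping changes whitespace and number formatting, so the digest differs.
    print("re-dumped verifies:", verify_signature(reserialized(SAMPLE_BODY), header,
                                                  SAMPLE_SECRET))
```

The value to compare is the hex digest after the sha256= prefix, never the secret itself; a mismatch should end the request with an error status before any of the payload is processed.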

0 Answers