Now works on JSON body API calls too

Body must be minified so signature matches body

Author: lantrix

README.md

@@ -61,7 +61,38 @@ Provide the values manually or from your private environment variables:
 
 ![request example](./.github/assets/insomnia-edit-tag.png)
 
+**NB:** Ignore the Live Preview error
+
 The plugin will generate and add the headers:
 
  - `X-Ovh-Timestamp`
  - `X-Ovh-Signature`
+
+## Important Minification in JSON Body Text
+
+Because of the way `PUT` and `POST` methods need the JSON body included in the signature, currently the body of your request needs to be minified with no spaces, for example when editing a credential with `PUT` on the `/1.0/me/api/credential/<credentialId>` endpoint:
+
+The body might be like this, and [must be fully minified](https://stackoverflow.com/a/48487241).
+
+```json
+{"allowedIPs":["127.0.0.1/32","127.0.0.2/32"]}
+```
+
+This results in the insomnia request Timeline being:
+
+```
+> PUT /1.0/me/api/credential/553184188 HTTP/1.1
+> Host: api.ovh.com
+> User-Agent: insomnia/2022.6.0
+> Content-Type: application/json
+> Accept: application/json
+> X-Ovh-Application: 1234567890abcdef
+> X-Ovh-Consumer: 0987654321defabc
+> X-Ovh-Timestamp: 1667135223
+> X-Ovh-Signature: $1$0987654321123456789009876543211234567890
+> Content-Length: 51
+
+| {"allowedIPs":["127.0.0.1/32","127.0.0.2/32"]}
+```
+
+If there are spaces in your JSON body, the plugin currently can't generate a matching signature. A future TODO for sure.

plugin.js

@@ -4,7 +4,7 @@ module.exports.templateTags = [
   {
     name: 'ovhsignature',
     displayName: 'OVH Signature',
-    description: 'Sign OVH CLoud API requests',
+    description: 'Sign OVH Cloud API requests',
 
     args: [
       {
@@ -33,19 +33,17 @@ module.exports.templateTags = [
 ]
 
 function signOvhRequest(as, ck, httpMethod, url, body, timestamp) {
-    let signed = [ as, ck, httpMethod, url, '', timestamp ];
-    return '$1$' + crypto.createHash('sha1').update(signed.join('+')).digest('hex');
+  if (typeof(body) === 'object' && Object.keys(body).length > 0) {
+    body = JSON.stringify(body, null)
+  }
+  let signed = [ as, ck, httpMethod, url, body, timestamp ];
+  return '$1$' + crypto.createHash('sha1').update(signed.join('+')).digest('hex');
 }
 
 module.exports.requestHooks = [async (context) => {
-  console.log("Inserting X-Ovh-Signature into http headers")
   const as = await context.store.getItem("ovhcloud-as")
-  console.log("as " + as)
   const ck = await context.store.getItem("ovhcloud-ck")
-  console.log("ck " + ck)
   const requestUrl = context.request.getUrl();
-  console.log("requestUrl " + requestUrl)
-  console.log("requestBody " + requestBody);
   const httpMethod = context.request.getMethod().toUpperCase();
   const body = context.request.getBody()
   let requestBody = '';
@@ -56,7 +54,9 @@ module.exports.requestHooks = [async (context) => {
     }
   }
   const timestamp = Math.round(Date.now() / 1000)
+  console.log("Inserting X-Ovh-Timestamp into http headers")
   context.request.setHeader("X-Ovh-Timestamp", timestamp);
   const signature = signOvhRequest(as, ck, httpMethod, requestUrl, requestBody, timestamp)
+  console.log("Inserting X-Ovh-Signature into http headers")
   context.request.setHeader("X-Ovh-Signature", signature);
 }]