-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcheckHmacValidity.ts
More file actions
52 lines (38 loc) · 1.29 KB
/
checkHmacValidity.ts
File metadata and controls
52 lines (38 loc) · 1.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
import logger from "../app-logger";
import { isString, isObject } from 'lodash'
import { createHmac } from "crypto";
const removeHmac = (key, { [key]: _, ...rest }) => rest
export const checkHmacValidity = (secret: string, qs: any) => {
try {
// should we add a message
if (!secret || !qs) { return false }
// const qs: any = req.query;
logger.debug('query', { qs })
// QS object
let obj: any = {};
// if qs is a string
if (isString(qs)) {
// generate object
obj = new URLSearchParams(qs)
}
if (isObject(qs)) {
// set object
obj = qs
}
logger.debug('obj', { obj })
// no hmac what are we doing here ?
if (!obj?.hmac) { return false }
const hmac = obj?.hmac;
obj = removeHmac("hmac", obj);
let searchParams: URLSearchParams = new URLSearchParams(obj);
let input = searchParams.toString();
logger.debug('input', input);
logger.debug('input', { input })
let hash = createHmac('SHA256', secret).update(input).digest('hex');
// validate and return
return hash === hmac;
} catch (error) {
logger.error(`checkHmacValidity ${error}`);
return false;
}
}