Anonymous
«IncompleteSignature». Подпись запроса не соответствует стандартам платформы
Anonymous » 26 май 2025, 13:13
I need help.
I want to create a callback for the Lazada API to receive buyer message pushes in my market, but I can't create an access_token because the response from api.lazada is "IncompleteSignature". I tried the solutions from another Stack Overflow post ("toUpperCase" or "UTF-8"), and they don't work.
first :
import { buffer } from "micro";
import crypto from "crypto";
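// Next.js API-route config: the built-in body parser is switched off so the
// POST branch can read the raw request body and verify the signature over the
// exact bytes that were sent.
export const config = { api: { bodyParser: false } };

// Credentials and endpoints come from the environment, never from source.
const APP_KEY = process.env.LAZADA_APP_KEY;
const APP_SECRET = process.env.LAZADA_APP_SECRET;
const REDIRECT_URI = process.env.LAZADA_REDIRECT_URI;
const OAUTH_HOST = "https://api.lazada.com";

// Startup diagnostics. The app secret is the HMAC key for every signature in
// this file, so its value must not reach the logs; only report whether it is set.
console.log("App key:", APP_KEY);
console.log("App secret set:", Boolean(APP_SECRET));
console.log("Redirect URI:", REDIRECT_URI);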
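/**
 * Check a webhook signature against an HMAC-SHA256 of the raw request body.
 *
 * The expected value is the lowercase hex HMAC-SHA256 of `APP_KEY + rawBody`,
 * keyed with `APP_SECRET`.
 * NOTE(review): this layout is the author's; confirm it against the
 * platform's webhook signing documentation.
 *
 * @param {string} rawBody - Request body exactly as received, before parsing.
 * @param {string} signature - Signature value supplied by the sender.
 * @returns {boolean} True only when the supplied signature equals the expected one.
 */
function verifySignature(rawBody, signature) {
  // A repeated header can arrive as an array; anything but a string is rejected.
  if (typeof signature !== "string") return false;

  const expected = crypto
    .createHmac("sha256", APP_SECRET)
    .update(APP_KEY + rawBody)
    .digest("hex");

  const expectedBytes = Buffer.from(expected, "utf8");
  const suppliedBytes = Buffer.from(signature, "utf8");

  // timingSafeEqual throws on length mismatch, so lengths are compared first.
  if (expectedBytes.length !== suppliedBytes.length) return false;

  // Constant-time comparison: a plain === can return early at the first
  // differing character, which leaks how much of the signature matched.
  return crypto.timingSafeEqual(expectedBytes, suppliedBytes);
}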
второе:
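/**
 * Exchange the OAuth authorization code from the callback query string for a
 * token by sending a signed GET request to the token-create endpoint.
 *
 * @param {object} req - Incoming request; `req.query.code` carries the authorization code.
 * @param {object} res - Response object used to send the result.
 * @returns {Promise<*>} The value returned by the `res` call that ends the response.
 */
async function handleOAuthCallback(req, res) {
  const { code } = req.query;
  // A repeated `code` parameter may arrive as an array, which would be
  // comma-joined into the signed string; accept a single string only.
  if (!code || typeof code !== "string") {
    return res.status(400).send("Missing code");
  }

  // Timestamp in milliseconds.
  const timestamp = Date.now().toString();
  const path = "/rest/auth/token/create";
  const params = {
    app_key: APP_KEY,
    code,
    grant_type: "authorization_code",
    redirect_uri: REDIRECT_URI,
    timestamp,
    sign_method: "sha256",
  };

  // Canonical form: keys sorted, then key and value concatenated with no separators.
  const sortedKeys = Object.keys(params).sort();
  const canonical = sortedKeys.map((k) => `${k}${params[k]}`).join("");

  // NOTE(review): the signed string is "GET" + path + canonical parameters.
  // The API is answering "IncompleteSignature", so this layout (method prefix,
  // path, parameter set, host) presumably differs from what the platform
  // computes; confirm each part against the platform's signing documentation.
  const toSign = `GET${path}${canonical}`;

  const signature = crypto
    .createHmac("sha256", APP_SECRET)
    .update(Buffer.from(toSign, "utf8"))
    .digest("hex")
    .toUpperCase();

  const query = sortedKeys
    .map((k) => `${k}=${encodeURIComponent(params[k])}`)
    .join("&");
  const url = `${OAUTH_HOST}${path}?${query}&sign=${signature}`;

  // Diagnostics are limited to values that carry no credential. The string to
  // sign, the query string and the full URL all embed the authorization code,
  // and URL plus signature form a complete token request, so none is logged.
  console.log("=============LOG=============");
  console.log("Timestamp:", timestamp);
  console.log("Sorted keys:", sortedKeys);
  console.log("=============================");

  const resp = await fetch(url);
  const json = await resp.json();

  if (json.code !== "0") {
    // Error bodies are logged in full for debugging. A success body is not
    // logged: it presumably contains the issued tokens (TODO confirm).
    console.log("Lazada response:", json);
    return res.status(500).json({ error: json });
  }

  // NOTE(review): this sends `json.data` back to whoever hit the callback URL.
  // If it holds access/refresh tokens, consider storing them server-side instead.
  return res.status(200).json(json.data);
}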
и последнее:
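/**
 * API route entry point.
 *
 * GET  - echoes a webhook `challenge` value, or runs the OAuth callback when
 *        a `code` query parameter is present.
 * POST - webhook delivery (IM/chat): verifies the signature header over the
 *        raw body before parsing it.
 * Any other request gets 405 with an Allow header.
 *
 * @param {object} req - Incoming request.
 * @param {object} res - Response object.
 * @returns {Promise<*>} The value returned by the `res` call that ends the response.
 */
export default async function handler(req, res) {
  if (req.method === "GET") {
    const { challenge, code } = req.query;

    // Webhook challenge check (only relevant when the IM webhook is used).
    if (challenge) {
      // The echoed value comes straight from the query string. Pin the content
      // type to plain text so a browser never interprets it as markup.
      res.setHeader("Content-Type", "text/plain; charset=utf-8");
      return res.status(200).send(String(challenge));
    }

    // OAuth callback.
    if (code) return await handleOAuthCallback(req, res);
  }

  // POST is the webhook delivery (IM/chat).
  if (req.method === "POST") {
    const raw = (await buffer(req)).toString();
    const sig = req.headers["x-lazada-signature"];

    // Authenticate before parsing: nothing from the body is trusted until the
    // signature over the raw bytes has been checked.
    if (!sig || !verifySignature(raw, sig)) {
      return res.status(401).send("Invalid signature");
    }

    let body;
    try {
      body = JSON.parse(raw);
    } catch {
      // A signed but malformed body gets a client error instead of an unhandled throw.
      return res.status(400).send("Invalid JSON");
    }

    // `body` can be null for the JSON literal `null`, hence the optional chain.
    if (body?.message_type === "chat_message") {
      console.log("Chat message:", body.data);
    }
    return res.status(200).json({ success: true });
  }

  res.setHeader("Allow", ["GET", "POST"]);
  res.status(405).end();
}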
мой код строится на NextJs
Подробнее здесь:
https://stackoverflow.com/questions/796 ... rm-standar
1748254389
Anonymous
I need to help I want to create callback lazada api for receive buyer message push in my market but i can't create access_token because response from api.lazada is "IncompleteSignature" I try solution on another post in stackoverflow "toUpperCase" or "UTF-8" and doesn't work first : [code]import { buffer } from "micro"; import crypto from "crypto"; export const config = { api: { bodyParser: false } }; const APP_KEY = process.env.LAZADA_APP_KEY; const APP_SECRET = process.env.LAZADA_APP_SECRET; const REDIRECT_URI = process.env.LAZADA_REDIRECT_URI; const OAUTH_HOST = "https://api.lazada.com"; console.log("App key:", APP_KEY); console.log("App secret:", APP_SECRET); console.log("Redirect URI:", REDIRECT_URI); function verifySignature(rawBody, signature) { const expected = crypto .createHmac("sha256", APP_SECRET) .update(APP_KEY + rawBody) .digest("hex"); return signature === expected; } < /code> второе: < /p> async function handleOAuthCallback(req, res) { const { code } = req.query; if (!code) return res.status(400).send("Missing code"); // สร้าง timestamp เป็น milliseconds const timestamp = Date.now().toString(); const path = "/rest/auth/token/create"; const params = { app_key: APP_KEY, code, grant_type: "authorization_code", redirect_uri: REDIRECT_URI, timestamp, sign_method: "sha256", }; const sortedKeys = Object.keys(params).sort(); const canonical = sortedKeys.map((k) => `${k}${params[k]}`).join(""); console.log("Canonicalized:", canonical); const toSign = `GET${path}${canonical}`; console.log("String to sign:", toSign); const signature = crypto .createHmac("sha256", APP_SECRET) .update(Buffer.from(toSign, "utf8")) .digest("hex") .toUpperCase(); console.log("Signature:", signature); const query = sortedKeys .map((k) => `${k}=${encodeURIComponent(params[k])}`) .join("&"); const url = `${OAUTH_HOST}${path}?${query}&sign=${signature}`; console.log("OAuth URL:", url); console.log("=============LOG============="); console.log("Timestamp:", timestamp); console.log("Raw 
params:", params); console.log("Sorted keys:", sortedKeys); console.log("Query string:", query); console.log("============================="); const resp = await fetch(url); const json = await resp.json(); console.log("Lazada response:", json); if (json.code !== "0") { return res.status(500).json({ error: json }); } return res.status(200).json(json.data); } < /code> и последнее: < /p> export default async function handler(req, res) { if (req.method === "GET") { const { challenge, code } = req.query; // ตรวจสอบ webhook challenge (เฉพาะกรณีที่ใช้ webhook IM) if (challenge) return res.status(200).send(challenge); // จัดการ OAuth Callback if (code) return await handleOAuthCallback(req, res); } // POST สำหรับ webhook (IM/chat) if (req.method === "POST") { const raw = (await buffer(req)).toString(); const sig = req.headers["x-lazada-signature"]; if (!sig || !verifySignature(raw, sig)) { return res.status(401).send("Invalid signature"); } const body = JSON.parse(raw); if (body.message_type === "chat_message") { console.log("Chat message:", body.data); } return res.status(200).json({ success: true }); } res.setHeader("Allow", ["GET", "POST"]); res.status(405).end(); } [/code] мой код строится на NextJs Подробнее здесь: [url]https://stackoverflow.com/questions/79638728/incompletesignature-the-request-signature-does-not-conform-to-platform-standar[/url]