Can anyone help to verify Sendgrid signed webhook in node as the only example on the documentation is in Golang?

About

Asked 30/6, 2020 at 17:19 Answered 17/2, 2021 at 10:3

I am trying to verify signature from the Sendgrid signed webhook. Current Sendgrid documentation only provides example in Golang to use ecdsa package.

They say that this can be achieved with Node crypto package but I don't have too much insight in crypto language.

https://sendgrid.com/docs/for-developers/tracking-events/getting-started-event-webhook-security-features/#verify-the-signature

Can anyone help me to parse the current Golang codebase to javascript?

// Golang Example
s := http.Request.Header.Get("X-Twilio-Email-Event-Webhook-Signature")
ts := http.Request.Header.Get("X-Twilio-Email-Event-Webhook-Timestamp")

signatureBytes, _ := base64.StdEncoding.DecodeString(s)
ecdsaSig := struct {
R *big.Int
S *big.Int
}

asn1.Unmarshal(signatureBytes, &ecdsaSig)

tsBytes := []byte(ts)
payload, _ := ioutil.ReadAll(http.Request.Body)
h := sha256.New()
h.Write(tsBytes)
h.Write(payload)
hashedPayload := h.Sum(nil)

ecdsa.Verify(publicKey, hashedPayload, ecdsaSig.R, ecdsaSig.S)

Sternutation answered 30/6, 2020 at 17:19 Comment(3)

Can you ask a more specific question? Right now you're basically asking "can someone port this code to Node for me?" which is off-topic for StackOverflow. I suggest you attempt the problem yourself first and edit your question to include your code and a specific error message or behavior you are having problems with. – Kilburn 30/6, 2020 at 23:7

here is an example using the @sendgrid/eventwebhok github.com/sendgrid/sendgrid-nodejs/issues/… – Anestassia 3/12, 2020 at 7:5

Did you ever found an answer to that question? I am having some issues with the node package. Some feedback would be helpful. – Abandoned 11/5, 2023 at 6:10

-1

I use sendgrid-go eventwebhook helper to do signature verification, you can access the code here. The problem is, it only can verify single event webhook, so if multiple event (Exp: processed and delivered event in single request payload) the verification will failed. This bug currently reported in sendgrid-nodejs project here

import (
    "github.com/gin-gonic/gin"
    "github.com/sendgrid/sendgrid-go/helpers/eventwebhook"
)

const verkey  = "xxx"

func InsertHistory(c *gin.Context) {
    var results []map[string]interface{}
    if err := c.BindJSON(&results); err != nil {
        fmt.Println(err)
    }
    // Start checking Signature
    s := c.Request.Header.Get("X-Twilio-Email-Event-Webhook-Signature")
    ts := c.Request.Header.Get("X-Twilio-Email-Event-Webhook-Timestamp")

    payload := generatePayload(results)

    publicKey, _ := eventwebhook.ConvertPublicKeyBase64ToECDSA(verkey)
    b, err := eventwebhook.VerifySignature(publicKey, payload, s, ts)
    if err != nil {
        fmt.Println(err)
    }
    fmt.Printf("H.Signature: %s\nH.Timestamp: %s\nKey: %s\nPublicKey: %s\nVerified: %t", s, ts, verkey, publicKey, b)
}

Mendymene answered 17/2, 2021 at 10:3 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags