streams sign verification fix 🧑‍🔧

MoralisWeb3 · Jul 26, 2023 · 114d12f · 114d12f · vercel · Jul 26, 2023
1 parent 82ba205
commit 114d12f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 4 deletions.
diff --git a/docs/02-streams-api/evm/response-body.md b/docs/02-streams-api/evm/response-body.md
@@ -8,7 +8,7 @@ The body contains the data you are interested in. Logs is in array containing ra
 
 ## How to verify the signature for the received webhook request
 
-In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret is the web3api key for your account.
+In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret key is the streams secret which you can find in [setting](https://admin.moralis.io/settings) page.
 
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
@@ -37,7 +37,7 @@ def verify_Signature(req, secret):
         raise TypeError("Signature not provided")
 
     data = req.data+secret.encode()
-    signature = Web3.sha3(data).hex()
+    signature = Web3.keccak(text=data.decode()).hex()
 
     if provided_signature != signature: 
         raise ValueError("Invalid Signature")

diff --git a/docs/02-streams-api/evm/webhook-security.md b/docs/02-streams-api/evm/webhook-security.md
@@ -15,7 +15,13 @@ The signature is sent in the request headers in `headers["x-signature"]` field,
 
 ## How to verify the signature for the received webhook request
 
-In JavaScript you can use this function, for other programming languages you can adapt this code. The secret is the web3api key for your account.
+In JavaScript or python, you can use this function, for other programming languages you can adapt this code. The secret key is the streams secret which you can find in [setting](https://admin.moralis.io/settings) page.
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<Tabs groupId="programming-language">
+  <TabItem value="javascript" label="index.js (JavaScript)" default>
 
 ```javascript
 const verifySignature = (req, secret) => {
@@ -26,4 +32,23 @@ const verifySignature = (req, secret) => {
     if(generatedSignature !== providedSignature) throw new Error("Invalid Signature")
 
 }
-```
+```
+
+</TabItem>
+<TabItem value="python" label="index.py (Python)">
+
+```python Python
+def verify_Signature(req, secret):
+    provided_signature = req.headers.get("x-signature")
+    if not provided_signature:
+        raise TypeError("Signature not provided")
+
+    data = req.data+secret.encode()
+    signature = Web3.keccak(text=data.decode()).hex()
+
+    if provided_signature != signature: 
+        raise ValueError("Invalid Signature")
+```
+
+</TabItem>
+</Tabs>