From 05e9d3b588086a6f142578da385b9e077a87e6b9 Mon Sep 17 00:00:00 2001 From: Jonas Platte Date: Fri, 1 Nov 2024 12:16:54 +0100 Subject: [PATCH 1/3] Remove Fastify webhook verification example The example stringifies the payload, which is not the right thing to do. --- docs/receiving/verifying-payloads/how.mdx | 49 ----------------------- 1 file changed, 49 deletions(-) diff --git a/docs/receiving/verifying-payloads/how.mdx b/docs/receiving/verifying-payloads/how.mdx index dc5fe07..71cb439 100644 --- a/docs/receiving/verifying-payloads/how.mdx +++ b/docs/receiving/verifying-payloads/how.mdx @@ -561,55 +561,6 @@ app.post('/webhook', bodyParser.raw({type: 'application/json'}), (req, res) => { }); ``` -### Node.js (Fastify) - -```js -// routes/webhooks.ts -import { FastifyInstance } from "fastify"; -import { Webhook } from "svix"; - -export async function routes(fastify: FastifyInstance) { - fastify.post('/webhooks', { - handler: async (request, reply) => { - const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET as string; - - // Get the headers and body - const headers = request.headers; - const payload = request.body; - - // Get the Svix headers for verification - const svix_id = headers["svix-id"] as string; - const svix_timestamp = headers["svix-timestamp"] as string; - const svix_signature = headers["svix-signature"] as string; - - // If there are no Svix headers, error out - if (!svix_id || !svix_timestamp || !svix_signature) { - return new Response("Error occurred -- no svix headers", { - status: 400, - }); - } - - const wh = new Webhook(WEBHOOK_SECRET); - let msg; - - try { - msg = wh.verify(JSON.stringify(payload), { - "svix-id": svix_id, - "svix-timestamp": svix_timestamp, - "svix-signature": svix_signature, - }); - } catch (err: any) { - return reply.code(400).send(`Webhook Error: ${err.message}`) - } - - // Do something with the message... - - return reply.send({ received: true }) - }, - }) -} -``` - ### Node.js (NestJS) Initialize the application with the `rawBody` flag set to true. See the (NestJS docs)[https://docs.nestjs.com/faq/raw-body#raw-body] for details. From e8db5d92e360951c7e99ec7d5dd3d116d1ccb3b8 Mon Sep 17 00:00:00 2001 From: Jonas Platte Date: Fri, 1 Nov 2024 12:26:30 +0100 Subject: [PATCH 2/3] Add a note about express.json() middleware in webhook verification example --- docs/receiving/verifying-payloads/how.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/receiving/verifying-payloads/how.mdx b/docs/receiving/verifying-payloads/how.mdx index 71cb439..dfcf810 100644 --- a/docs/receiving/verifying-payloads/how.mdx +++ b/docs/receiving/verifying-payloads/how.mdx @@ -537,6 +537,10 @@ export const handler = async ({body, headers}) => { ### Node.js (Express) +**Note:** When integrating this example into a larger codebase, you will have to +make sure not to apply the `express.json()` middleware to the webhook route, +because the payload has to be passed to `wh.verify` without any prior parsing. + ```js import { Webhook } from "svix"; import bodyParser from "body-parser"; From 6c991af72fa0e44c0830be803b2914a612bfc47e Mon Sep 17 00:00:00 2001 From: Jonas Platte Date: Fri, 1 Nov 2024 12:26:49 +0100 Subject: [PATCH 3/3] Clean up whitespace in Express webhook verification example --- docs/receiving/verifying-payloads/how.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/receiving/verifying-payloads/how.mdx b/docs/receiving/verifying-payloads/how.mdx index dfcf810..d7f4507 100644 --- a/docs/receiving/verifying-payloads/how.mdx +++ b/docs/receiving/verifying-payloads/how.mdx @@ -547,7 +547,7 @@ import bodyParser from "body-parser"; const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw"; -app.post('/webhook', bodyParser.raw({type: 'application/json'}), (req, res) => { +app.post('/webhook', bodyParser.raw({ type: 'application/json' }), (req, res) => { const payload = req.body; const headers = req.headers;