79366543

Date: 2025-01-18 04:07:22
Score: 2

I found what the difference is between the header and the result and tried to fix it. I don't know whether this is a correct way to verify the result or not, but it seems to be working.

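// Class methods; assumes `import * as crypto from 'crypto'` and a
// BadRequestException class (e.g. from '@nestjs/common') are in scope.
parseSignedRequest(signedRequest: string): {
  user_id: string;
  algorithm: 'HMAC-SHA256';
  issued_at: number;
} {
  const [encodedSig, payload] = signedRequest.split('.', 2);

  // placeholder value; use the real app secret here
  const secret = "app-secret";

  // compute the expected signature over the still-encoded payload
  const expectedSig = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('base64')
    .replace(/=+$/, '')
    .replace(/\+/g, '-')
    .replace(/\//g, '_');

  // confirm the signature in constant time (timingSafeEqual needs equal lengths)
  const expected = Buffer.from(expectedSig);
  const received = Buffer.from(encodedSig);
  if (
    expected.length !== received.length ||
    !crypto.timingSafeEqual(expected, received)
  ) {
    throw new BadRequestException('Bad Signed JSON signature!');
  }

  // decode the data only after the signature has been verified
  return JSON.parse(this.base64UrlDecode(payload));
}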

private base64UrlDecode(input: string): string {
  const base64 = input.replace(/-/g, '+').replace(/_/g, '/');

  return Buffer.from(base64, 'base64').toString('utf-8');
}

I will be happy to get any suggestions.

Reasons:
  • RegEx Blacklisted phrase (2): any suggestions
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: Mortie
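
A stand-alone version of the check in the answer above, added here as an example (not the answer author's code): it verifies the HMAC in constant time before parsing the JSON and rejects an unexpected `algorithm` value. The function names, error messages and the `makeSignedRequest` helper that builds test input are assumptions for illustration.

```typescript
import * as crypto from 'crypto';

interface SignedPayload {
  user_id: string;
  algorithm: string;
  issued_at: number;
}

// HMAC-SHA256 over the still-encoded payload, as unpadded base64url text.
function sign(payload: string, secret: string): Buffer {
  return Buffer.from(
    crypto.createHmac('sha256', secret).update(payload).digest('base64url'),
  );
}

// Constructed helper (assumption): builds a signed request so the
// verifier can be exercised offline.
function makeSignedRequest(data: SignedPayload, secret: string): string {
  const payload = Buffer.from(JSON.stringify(data)).toString('base64url');
  return `${sign(payload, secret).toString()}.${payload}`;
}

function verifySignedRequest(signedRequest: string, secret: string): SignedPayload {
  const parts = signedRequest.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) {
    throw new Error('Malformed signed request');
  }
  const [encodedSig, payload] = parts;

  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const expected = sign(payload, secret);
  const received = Buffer.from(encodedSig);
  if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
    throw new Error('Bad signature');
  }

  // Parse the JSON only after the signature has been verified.
  const data = JSON.parse(
    Buffer.from(payload, 'base64url').toString('utf-8'),
  ) as SignedPayload;
  if (data.algorithm !== 'HMAC-SHA256') {
    throw new Error('Unexpected algorithm');
  }
  return data;
}
```
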