Hey so i have a dev app on my clients stores its live on a couple of stores, i’ve been receiving webhooks for all these stores but recently 2 of my stores are giving Hmac validation errors while receiving webhooks this seems weird since if i was some issue with my hmac verification code it would fail for all store this seems to be isolated for 2 stores
has anyone experienced something similar ?
hmac code verification code
export const verifyBodyHmac = (
body: Buffer | undefined,
hmac: string,
secret: string,
digest: BinaryToTextEncoding = 'base64'
): boolean => {
const providedHmac = Buffer.from(hmac, 'utf-8');
const generatedHash = Buffer.from(getHmacValue(body, secret, digest, 'sha256'), 'utf-8');
let hashEquals = false;
// timingSafeEqual will prevent any timing attacks. Arguments must be buffers
try {
hashEquals = crypto.timingSafeEqual(generatedHash, providedHmac);
// timingSafeEqual will return an error if the input buffers are not the same length.
} catch (e) {
hashEquals = false;
}
if (!hashEquals) {
logger.error(
`Provided HMAC does not match generated HMAC. Generated HMAC: ${generatedHash.toString()},
Provided HMAC: ${providedHmac.toString()}, Body: ${(body ?? '').toString()}`
);
}
return hashEquals;
};
this is happening for all topics that i’ve subscribed to for e.g. products/create, products/update, orders/create, orders/update