|
@@ -17,23 +17,36 @@ function validateHMAC(query: Record<string, string>, clientSecret: string): bool
|
|
|
return false
|
|
return false
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if (!clientSecret) {
|
|
|
|
|
+ console.error('[ShopRenter] Client secret is empty or undefined')
|
|
|
|
|
+ return false
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
// Build sorted query string without HMAC
|
|
// Build sorted query string without HMAC
|
|
|
const sortedParams = Object.keys(params)
|
|
const sortedParams = Object.keys(params)
|
|
|
.sort()
|
|
.sort()
|
|
|
.map(key => `${key}=${params[key]}`)
|
|
.map(key => `${key}=${params[key]}`)
|
|
|
.join('&')
|
|
.join('&')
|
|
|
|
|
|
|
|
|
|
+ console.log(`[ShopRenter] HMAC validation - sorted params: ${sortedParams}`)
|
|
|
|
|
+ console.log(`[ShopRenter] HMAC validation - client secret length: ${clientSecret.length}`)
|
|
|
|
|
+
|
|
|
// Calculate HMAC using sha256
|
|
// Calculate HMAC using sha256
|
|
|
const calculatedHmac = createHmac('sha256', clientSecret)
|
|
const calculatedHmac = createHmac('sha256', clientSecret)
|
|
|
.update(sortedParams)
|
|
.update(sortedParams)
|
|
|
.digest('hex')
|
|
.digest('hex')
|
|
|
|
|
|
|
|
|
|
+ console.log(`[ShopRenter] HMAC validation - received hmac: ${hmac}`)
|
|
|
|
|
+ console.log(`[ShopRenter] HMAC validation - calculated hmac: ${calculatedHmac}`)
|
|
|
|
|
+
|
|
|
// Timing-safe comparison
|
|
// Timing-safe comparison
|
|
|
try {
|
|
try {
|
|
|
- return timingSafeEqual(
|
|
|
|
|
|
|
+ const result = timingSafeEqual(
|
|
|
new TextEncoder().encode(calculatedHmac),
|
|
new TextEncoder().encode(calculatedHmac),
|
|
|
new TextEncoder().encode(hmac)
|
|
new TextEncoder().encode(hmac)
|
|
|
)
|
|
)
|
|
|
|
|
+ console.log(`[ShopRenter] HMAC validation result: ${result}`)
|
|
|
|
|
+ return result
|
|
|
} catch (error) {
|
|
} catch (error) {
|
|
|
console.error('[ShopRenter] HMAC comparison error:', error)
|
|
console.error('[ShopRenter] HMAC comparison error:', error)
|
|
|
return false
|
|
return false
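Review bot: The added `console.log(`[ShopRenter] HMAC validation - calculated hmac: ${calculatedHmac}`)` writes the correct signature for the received parameters to the log, so anyone who can read the logs obtains a valid signature for that exact query, which is what the timing-safe comparison below is meant to keep from leaking. I would drop both the `received hmac` and `calculated hmac` lines and keep only the existing `HMAC validation result` line. The `sorted params` line also records the full query string with its values; logging only the key names, e.g. `Object.keys(params).sort().join(',')`, would still show which fields were signed. The `client secret length` line is lower risk but still discloses a property of the secret, so if these messages are for debugging an integration they are better gated behind an explicit debug setting than emitted on every request. The body of `validateHMAC` starts and ends outside this hunk, so whether `hmac` is already checked for presence before this point cannot be seen here.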
|