|
|
@@ -9,7 +9,7 @@ const corsHeaders = {
|
|
|
}
|
|
|
|
|
|
// Validate HMAC signature from ShopRenter
|
|
|
-// Per ShopRenter documentation, HMAC is calculated from decoded parameter values
|
|
|
+// Per ShopRenter documentation, HMAC is calculated from code, shopname, and timestamp only
|
|
|
function validateHMAC(params: URLSearchParams, clientSecret: string): boolean {
|
|
|
if (!clientSecret) {
|
|
|
console.error('[ShopRenter] Client secret is empty or undefined')
|
|
|
@@ -22,19 +22,20 @@ function validateHMAC(params: URLSearchParams, clientSecret: string): boolean {
|
|
|
return false
|
|
|
}
|
|
|
|
|
|
- // Build data to validate: all params except hmac, sorted alphabetically
|
|
|
- const dataToValidate: { [key: string]: string } = {}
|
|
|
- for (const [key, value] of params.entries()) {
|
|
|
- if (key !== 'hmac') {
|
|
|
- dataToValidate[key] = value
|
|
|
- }
|
|
|
+ // Get the required parameters for HMAC validation
|
|
|
+ // Per ShopRenter docs, only code, shopname, and timestamp are included
|
|
|
+ const code = params.get('code')
|
|
|
+ const shopname = params.get('shopname')
|
|
|
+ const timestamp = params.get('timestamp')
|
|
|
+
|
|
|
+ if (!code || !shopname || !timestamp) {
|
|
|
+ console.error('[ShopRenter] Missing required parameters for HMAC validation')
|
|
|
+ return false
|
|
|
}
|
|
|
|
|
|
- // Sort parameters alphabetically by key and create query string
|
|
|
- const sortedParams = Object.keys(dataToValidate)
|
|
|
- .sort()
|
|
|
- .map(key => `${key}=${dataToValidate[key]}`)
|
|
|
- .join('&')
|
|
|
+ // Create query string with parameters in alphabetical order
|
|
|
+ // Per ShopRenter docs: code, shopname, timestamp (alphabetically sorted)
|
|
|
+ const sortedParams = `code=${code}&shopname=${shopname}×tamp=${timestamp}`
|
|
|
|
|
|
console.log(`[ShopRenter] HMAC validation - sorted params: ${sortedParams}`)
|
|
|
console.log(`[ShopRenter] HMAC validation - client secret length: ${clientSecret.length}`)
|
