From 3457470383f2f84f327bc816f5e62a29f38930e3 Mon Sep 17 00:00:00 2001 From: Dom Webber Date: Thu, 15 Feb 2024 12:24:33 +0000 Subject: [PATCH] fix: remove sha-1 checking where not working --- src/CloudAPI/CloudAPIWebhook/index.ts | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/CloudAPI/CloudAPIWebhook/index.ts b/src/CloudAPI/CloudAPIWebhook/index.ts index a92d396..6ede755 100644 --- a/src/CloudAPI/CloudAPIWebhook/index.ts +++ b/src/CloudAPI/CloudAPIWebhook/index.ts @@ -269,13 +269,6 @@ export default class CloudAPIWebhook extends AbstractAPI { `Received Webhook Event Notification: "${JSON.stringify(request)}"`, ); - const xHubSignature1 = request.headers["x-hub-signature"] - ?.toString() - .replace("sha1=", ""); - if (xHubSignature1) { - throw CloudAPIWebhookError.invalidXHubSignature(); - } - const xHubSignature256 = request.headers["x-hub-signature-256"] ?.toString() .replace("sha256=", ""); @@ -301,15 +294,6 @@ export default class CloudAPIWebhook extends AbstractAPI { `Comparing SHA-256 signatures for integrity check: "${xHubSignature256}" === "${generatedSignature256}" (${isAuthentic256})`, ); - const generatedSignature1 = createHmac("sha1", appSecret) - .update(bodyString) - .digest("hex"); - - const isAuthentic1 = xHubSignature1 === generatedSignature1; - this._logger?.debug( - `Comparing SHA-1 signatures for integrity check: "${xHubSignature1}" === "${generatedSignature1}" (${isAuthentic1})`, - ); - return isAuthentic256; };