-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation and example of webhook signature check (through rawBody) #5491
Comments
I believe it can enable a good set of use cases the fact that we allow to the +1 on this. Although here I'd like to see what are we interested the most, the intention of skipping the parser or the intention of just have the raw-body. I'd personally see more useful the former as it enables more use cases (e.g. pipelining between body reading and signature verification). |
I noticed that guys are working on version 5 and planning changes to data parsing. This might be a good opportunity to add a body to the FastifyRequest object's raw property. In my opinion, it may be under I am aware of the P.S. IMO, you should update the title as it does not match the future request. |
Adding |
@mcollina definitely, but that's why it should be disabled by default, then there shouldn't be any difference in performance. On the other hand, adding a preParsing: (request, reply, payload, done) => {
let data = '';
payload.on('data', (chunk: string) => {
data += chunk;
});
payload.on('end', () => {
request.raw.body = data;
});
done(null, payload);
}, |
It looks like a plugin, and the |
Plugins typically add new features rather than restoring initial behavior. It often comes down to deciding what belongs in the core versus what should be handled by plugins. However, I agree with you — it makes sense for this to be a plugin. It would be ideal if the plugin were maintained by the Fastify team under the @fastify scope. The |
fastify.addContentTypeParser(
"application/json",
{ parseAs: "buffer" },
(request, payload, done) => {
done(null, payload);
},
); For things like Stripe, adding this parser gives you the raw |
Prerequisites
🚀 Feature Proposal
I'm currently aiming to verify the signature of a webhook route using the raw body data.
There is already a lot of issues around the subject since 2018:
There is still no clear documentation regarding signature verification or how to obtain a raw body inside the route handler to perform webhook signature check.
I think that the best option would still just to have a
rawBody: true
option on the route as @mcollina suggested here:issuecomment-619153284
This way, the raw body would appear only on selected routes to avoid unnecessary memory consumption.
Motivation
Enhance Fastify's usability and create a more welcoming environment.
Example
Payload:
In my project I'm loading dynamically all routes from folders and subfolders, for an unknown reason
fastify-raw-body
wasn't working for me.There is the implementation I made to address my issue for now (added a
preParsing
hook to the route and using raw-body library to read the stream).The text was updated successfully, but these errors were encountered: