Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Report: invalid signature in localhost via tunnel (ngrok or localhost.run) #347

Closed
proxy-hatch opened this issue May 26, 2023 · 6 comments
Closed

Bug Report: invalid signature in localhost via tunnel (ngrok or localhost.run) #347

proxy-hatch opened this issue May 26, 2023 · 6 comments
Labels
no-activity

Comments

@proxy-hatch
Copy link

proxy-hatch commented May 26, 2023
edited
Loading

System Informations

  • Go version: go version go1.20.2 darwin/amd64
  • OS: macOS 13.2.1 (22D68)

Expected Behavior

signature validation should succeed with

http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
	events, err := func() ([]*linebot.Event, error) {
		return bot.ParseRequest(req)
	}()
}

Current Behavior

Got Error parsing request: invalid signature

Steps to Reproduce

  1. use a simple echo bot and run on localhost
  2. use ngrok or localhost.run tunnel to obtain an HTTPS endpoint
  3. set endpoint as webhook endpoint in LINE messaging console

Tried

Tried
ngrok http 8080 --region jp
ssh -R 80:localhost:8080 localhost.run
ssh -R 80:localhost:8080 localhost.run -- --no-inject-http-proxy-headers
all failed

When deployed (via AWS Lambda Function URL) however, signature validation passes.
So I highly suspect it is caused by HTTP tunneling

Similar thread reporting issue: https://www.line-community.me/en/question/5f040855851f74ab9c18db6a
@proxy-hatch
Copy link
Author

proxy-hatch commented May 26, 2023
edited
Loading

Also tried implementing parseRequest() myself to skip signature validation, but got a different error Error parsing request: unexpected end of JSON input

func localParseRequest(r *http.Request) ([]*linebot.Event, error) {
	defer r.Body.Close()
	body, err := io.ReadAll(r.Body)
	if err != nil {
        log.Printf("unable to read request body: %v", r.Body)
		return nil, err
	}
	log.Printf("Request body: %v", body)

	request := &struct {
		Events []*linebot.Event `json:"events"`
	}{}
	if err = json.Unmarshal(body, request); err != nil {
        log.Printf("unable to unmarshal request body: %v", body)
		return nil, err
	}
	return request.Events, nil
}

A quick fix would be to support turning signature validation off, somehow.

@proxy-hatch
Copy link
Author

also working with AWS SAM CLI local (package to container image I believe)

@proxy-hatch
Copy link
Author

also working with AWS SAM CLI local (package to container image I believe)

nevermind, this breaks after a while (a few days surprisingly). Must be some time-based signature validation

@Yang-33
Copy link
Contributor

Yang-33 commented Nov 16, 2023

Is this a request coming from LINE? Is there a possibility that this issue is occurring due to requests that do not carry json other than LINE?

@Yang-33
Copy link
Contributor

Yang-33 commented Nov 16, 2023
edited
Loading

And can you check why it failed? signature validation fails only if request body or x-line-signature header is modified. I don't think it's a SDK's bug...

@Yang-33 Yang-33 removed the bug label Nov 16, 2023
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 1, 2023

This issue was closed because it has been inactive for 14 days.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
no-activity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Yang-33 @proxy-hatch