App engine - raw request body - stripe webhooks - google-app-engine

I'm trying to run my node.js app app engine and I am having trouble with stripe webhooks - with the constructEvent, that I need to give a request raw body. Worked on virtual machine but not on app engine.
event = stripe.webhooks.constructEvent(req.rawBody, sig, stripeKeys.webhookPaymentIntent);
Says:
No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe? https://github.com/stripe/stripe-node#webhook-signing

Just looking at the code that you posted here, I wonder if the last parameter is indeed the value that you wanted to pass to the constructEvent function. it reads webHookPaymentIntent. I wonder if this should really be the webhook signature secret? It may be that it really is the webhook secret value, but just named a bit misleadingly.
Maybe this is something though you can verify? A simple test would really to be to pass the string literal here to see if that would work first. Of course make sure not to commit that to any source control.
The stripe-node method params are listed here for reference: https://github.com/stripe/stripe-node/blob/1d6207e34f978d8709d42d8a05d7d7e8be6599c7/lib/Webhooks.js#L11

Related

Simple camel routing from to

I have a fundamental question regarding routing in Camel. Assuming I have this following route:
from(amq:MyQueue).process("jmsToHttp4").to("http4://dummyhost:8080").to("file://out/MyFolder");
Assuming that the http4-Response is just a String "Your Response". As far as I understood the documentation, "Your Response" can be retrieved through:
exchange.getOut().getBody()
Lets say that I only want to write "file://out/MyFolder", only if the reponse contains the word "Response". How can I achive this?
One more question:
If I want to write a test in a spring environment, how can I mock the response with "Your Response positive test" and "Your negative test"? Somehow I need to be able to write the response strings in the exchange.out.body right?
Thank you,
Hadi
One option would be to declare a .filter(body().contains("Response")) right after the HTTP call.
As for the test, you might use the mock component that offers you ways of processing the exchange and also asserting whatever you need when the message hits your mock endpoint.
There is actually some alternatives to test... I'm used to declaring the endpoints in the properties file and using the key in the class, e.g. .to("{{my.http.target}}"). Thus, in this case, in the test environment (dedicated properties file) you'd replace your http4 with mock.
In my opinion, it is cleaner and requires less control of the context when writing tests, mainly in big/complex applications. On the other hand, this might affect code readability.
But if you prefer to keep declaration in your Java class, you'll have to intercept the http4 call in the test env, then divert it to your mock endpoint.
I hope it's helpful.

Azure AD B2C Custom Policy Localized REST API Conflict Response

This is sort of an extension of this question here. I have a policy that calls a REST API. The API returns an error message and this message needs to be localized.
One way is to of course get the API to return a localized message, but is there a way for the CustomPolicy itself to localize the error code? According to the CustomPolicy Docs, a REST API can send an error code along with the Conflict error code. Our thinking was to use this error code as a key and select a localized message (from the messageValue enum mentioned in the answer in the link).
However, we can't seem to capture/handle the error data returned by the API. The Policy seems to handle error codes by itself and we would like to know if it is possible to inject localized exception/error messages from the policy itself.
Thanks in advance!
Edit: A little more information about the setup. We have a TechnicalProfile that has a DisplayWidget and a ValidationTechnicalProfile. The DisplayWidget is used for entering & verifying the user's phone/email and the ValidationTechnicalProfile makes the final call to the RestAPI with all the user's information to register him/her. This RestAPI call output is what we want to localize.
The suggestion in the linked SO question, from what I understand, is that we integrate another DisplayClaim (that references an enum) in the DisplayWidget, and depending on the ErrorCode returned by the call, change it to display the appropriate code. However, as per my understanding, this would also require editing the API to return only 200 along with a code. This code would indicate the true nature of the result - success or a code for one of the enums to be displayed.
Our aim therefore is to check if there is a way to follow the Policy's flow (disrupt the SignUp/SignIn process) but at the same time localize the API's displayed response.
We managed to find a workaround to this, so I'm posting this here for anyone else who might be interested in this.
Our restriction for localizations was the fact that used Phrase to manage our translations and wanted the CustomPolicy specific translations all in one place. Our CD workflow was as follows:
PolicyCommit -> Build Variable Replacement through PS -> Release Variable Replacement and localized strings replacement through PS & Policy Uploads
Barring the policy from localizing the APIs response, we had the following options to achieve this:
Sending the language to the API and having the API return the appropriate error message
in the appropriate language. We were reluctant to follow this because of a multitude of reasons, but mostly because we would also have to handle different regions, etc. in the API - something the policy does by itself.
We actually had only one API that we called, and also only two error messages that were used. Hence we created an enum with the two error messages that would be localized. We then used a chain of InputClaimsTransformations that did the following:
Repeat Steps 1 through 3 for all the errors
1. CreateStringClaim (Create ClaimTypes for each of the error codes, holding the index of the error code in the enum)
2. GetMappedValueFromLocalizedCollection (Make the localized enum choose and hold the value of the required error code)
3. AddItemToStringCollection (Add the localized error from the enum to a StringCollection)
4. GenerateJson (Add the error codes StringCollection to the JSON payload to be sent to the API)
This way, the policy performed the localization for all the errors and we sent them along with the request to the API. The API, when an error occurred, picked one of the error messages from the policy and sent it back. This method was for us, because of our CD structure and Phrase integration, much easier than actually having the translations in a file hosted on the cloud to be accessed by the API.
Hope this helps someone; I can also add code in case someone needs it :)

Google App Engine and Restlet Response differ from localhost

I have a restlet Application on google app engine, when testing on my local machine, I get the normal json response in the form I desire, but when deployed on the live appspot, the response is somehow mixed into some type of object.
localhost:
{"status":"404"}
appspot:
//OK[1,["{\"status\":\"404\"}"],0,7]
I figured this out, when declaring #GET, #PUT, #POST, etcc... You need to specify the content type you will be returning, despite the fat that your function may be a String, Rep function, I believe the default is a representation, and that is why the extra junk is added on. If you simply have #Get("txt") you will get your response as plain text.

httplib.HTTPConnection in Google AppEngine

I use httplib.HTTPConnection within my app. Do I really need to provide host parameter in httplib.HTTPConnection constructor? If so, why? (I mean, I know that it's a mandatory parameter, but I wonder if I could specify None or empty string) And is there any global constant in Google AppEngine and in development server which I can use within my app in order to omit explicitly defined host.
If you leave it out of the constructor, how will the other methods know where to send their messages?
The address/name of the server you're connecting to is the parameter for the HTTPConnection, the URI on that server is what goes into request.
From the python documentation (which is the basis for AppEngine)
h1 = httplib.HTTPConnection(host[, port[, strict[, timeout[, source_address]]]])
h1.request(method, url[, body[, headers]])
[edit]
Remember, it may not always be you who is responsible for this code. Also, why complicate things by including so much more information in the URI when you're (for example) making calls to numerous URI's on the same website?
[/edit]

Any way to get the pending_ms value for the current (or a specific) request from App Engine?

I'd like to know, in a particular request, what the pending_ms value is (assuming it exists for the given request).
I know that the App Engine logs include this value, but I'm hoping to find it elsewhere for use in gae_mini_profiler.
I've searched around the App Engine source, but no luck -- this is being added elsewhere in the GAE pipeline.
There's not currently any way to access this programmatically, either from within the request or outside it. Please do file a feature request for it, though.

Resources