I’m trying to write a Firebase Cloud function to receive EAS webhook notifications. I used the Express sample code from here: Webhooks - Expo Documentation as a starting point, but can’t get the signatures to match.
export const easWebhookListener = functions.https
.onRequest(async (req, res) => {
const expoSignature = req.headers['expo-signature'];
const hmac = crypto.createHmac('sha1', functions.config().easwebhook.key);
hmac.update(req.rawBody.toString());
const hash = `sha1=${hmac.digest('hex')}`;
if (
expoSignature?.length !== hash.length ||
!crypto.timingSafeEqual(
Buffer.from(expoSignature as string, 'utf8'),
Buffer.from(hash, 'utf8')
)
) {
console.error('Signatures do not match!');
res.status(500).send("Signatures didn't match!");
} else {
// never gets here
res.send('OK!');
}
});
I have checked that functions.config().easwebhook.key returns the correct value. I suppose req.rawBody.toString() might be the wrong way to parse the request data.
Any ideas about what I’m doing wrong or what I could try?
