fix(nextcloud-talk): sign message text instead of JSON body
Nextcloud Talk's ChecksumVerificationService verifies HMAC against the extracted message/reaction text, not the full JSON body. This fixes 401 authentication errors when sending messages via the bot API. - sendMessageNextcloudTalk: sign 'message' text only - sendReactionNextcloudTalk: sign 'reaction' string only
This commit is contained in:
wang
wang
parent
34ce004151
commit
86e474cb0d
@ -89,8 +89,12 @@ export async function sendMessageNextcloudTalk(
|
||||
}
|
||||
const bodyStr = JSON.stringify(body);
|
||||
|
||||
// Nextcloud Talk verifies signature against the extracted message text,
|
||||
// not the full JSON body. See ChecksumVerificationService.php:
|
||||
// hash_hmac('sha256', $random . $data, $secret)
|
||||
// where $data is the "message" parameter, not the raw request body.
|
||||
const { random, signature } = generateNextcloudTalkSignature({
|
||||
body: bodyStr,
|
||||
body: message,
|
||||
secret,
|
||||
});
|
||||
|
||||
@ -179,8 +183,9 @@ export async function sendReactionNextcloudTalk(
|
||||
const normalizedToken = normalizeRoomToken(roomToken);
|
||||
|
||||
const body = JSON.stringify({ reaction });
|
||||
// Sign only the reaction string, not the full JSON body
|
||||
const { random, signature } = generateNextcloudTalkSignature({
|
||||
body,
|
||||
body: reaction,
|
||||
secret,
|
||||
});
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user