Unable to verify raw body from webhook with crypto node

Hi! I’m new to n8n, and really njoyin it so far :slight_smile: I was able to set up a workflow with an incoming webhook, but I can’t figure out how to verify the request.

Describe the issue/error/question

The post request contains a secret key, which should be used to verify the request with hmac. It needs to calculate the SHA256 hash based on the raw body, but whatever I try, the hash is always different.

The problem seems to be that the JSON in the real raw body is different from the body in n8n. The forward slashes are escaped when I check the request with ngrok, but they’re not anymore in n8n. So So "url":"https:\/\/www.example.com" becomes "url":"https://www.example.com", which of course results in a different hash.

When I manually enter the raw body from ngrok, the hashes match.

I tried forwarding the raw body as binary to the ‘Move binary data’, and then use that JSON output in the verification node, but wasn’t able to get that to work either.

What is the error message (if any)?

If I use the expresion {{$json["body"]}} as value, I get the following error:

ERROR: The “data” argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received an instance of Object

If I enter the JSON manually, no error. Just a different hash if I use the JSON from the n8n object.

Please share the workflow

{
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "ybug-romanesco",
        "options": {}
      },
      "name": "Romanesco",
      "type": "n8n-nodes-base.webhook",
      "typeVersion": 1,
      "position": [
        -250,
        150
      ],
      "webhookId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "notesInFlow": true,
      "notes": "Receive Ybug report"
    },
    {
      "parameters": {
        "action": "hmac",
        "type": "SHA256",
        "value": "={{$json[\"body\"]}}",
        "secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      },
      "name": "Verify request",
      "type": "n8n-nodes-base.crypto",
      "typeVersion": 1,
      "position": [
        -60,
        30
      ]
    }
  ],
  "connections": {
    "Romanesco": {
      "main": [
        [
          {
            "node": "Verify request",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

Share the output returned by the last node

[
  {
    "headers": {
      "x-real-ip": "xxxxxxxxxxxxxxxxxxxxxxxx",
      "x-forwarded-for": "xxxxxxxxxxxxxxxxxxxx",
      "host": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.hooks.n8n.cloud",
      "x-forwarded-proto": "https",
      "x-nginx-proxy": "true",
      "connection": "close",
      "content-length": "1184",
      "user-agent": "GuzzleHttp/6.3.3 curl/7.71.0 PHP/7.3.32",
      "content-type": "application/json",
      "x-ybug-signature": "sha256=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    },
    "params": {},
    "query": {},
    "body": {
      "id": "t3str3p0rt",
      "title": "Sample feedback report",
      "reportId": 0,
      "reporter": {
        "name": "Tester",
        "email": "[email protected]",
        "phone": null
      },
      "url": "https://www.example.com",
      "comment": "Sample feedback text...",
      "rating": 5,
      "netPromoterScore": null,
      "priority": {
        "id": "2",
        "name": "High"
      },
      "type": {
        "id": "1",
        "name": "Bug"
      },
      "sourceType": "widget",
      "createdAt": "2019-11-10T06:58:01Z",
      "updatedAt": "2021-02-07T14:17:50Z",
      "attributes": {
        "screenWidth": "1280",
        "screenHeight": "800",
        "screenPixelDepth": "24",
        "browser": "Safari",
        "platform": "macOS",
        "screenPixelRatio": "1",
        "browserVersion": "12.1.1",
        "deviceType": "desktop",
        "viewportWidth": "1280",
        "viewportHeight": "739",
        "platformVersion": "10.14.5",
        "consoleLog": "{\"error\":3,\"info\":2}",
        "referrer": "https://referrer.com",
        "location": "US, California, San Francisco"
      },
      "customUserData": "{\"name\":\"Tester\",\"session\":\"MYSESSIONID\"}",
      "screenshotUrl": "https://ybug.io/data/reports/tstproj3ct/t3str3p0rt/screenshot.jpg?_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "reportUrl": "https://ybug.io/dashboard/reports/detail/t3str3p0rt"
    }
  }
]

Information on your n8n setup

  • 0.147.1
  • default: SQLite
  • own(default)
  • npm

Hi @hugopeek, welcome to the community!

Glad to hear you enjoy n8n and sorry for the trouble. Would the approach described at Body payload as binary data from webhook - #2 by MutedJam work for you? This used the Raw Body option of the Webhook node to preserve the original JSON, followed by the Move Binary Data node writing the whole body into a string without parsing it.

Thanks @MutedJam, I tried the raw body option before but missed the Destination Key that the author described. That was indeed the key for isolating the raw body!

1 Like

Glad to hear this works, thanks so much for confirming and happy automating :slight_smile:

1 Like