Hi,
We’re hosting my Skill in a HTTPS server, we’ve tried to Submit the Skill but we have a failure: “the end-point is not validating the signatures for incoming requests”.
My “server.express-prod.js” looks like this:
Is there a guide on how should I verify and validate signatures using Jovo 4?
I remember there was a guide in Jovo 3, but I’ve found nothing in Jovo 4 docs, could you help me with that?
In V3 we use this very useful npm package: https://www.npmjs.com/package/alexa-verifier-middleware
You need that for the validating.
There’s no implementation example for the request validation in v4.
Here’s an untested example:
import { ExpressJs, Request, Response, Webhook } from '@jovotech/server-express';
import { app } from './app';
import express from 'express';
import verifier from 'alexa-verifier-middleware';
import * as bodyParser from 'body-parser';
const server: express.Application = express();
/*
|--------------------------------------------------------------------------
| EXPRESS SERVER CONFIGURATION
|--------------------------------------------------------------------------
|
| Creates a new express app instance, default for local development
| Learn more here: www.jovo.tech/docs/server/express
|
*/
const port = process.env.JOVO_PORT || 3000;
(async () => {
if (process.env.NODE_ENV === 'test' || process.env.JEST_WORKER_ID) {
return;
}
await app.initialize();
const router = express.Router();
router.use('/webhook', verifier);
router.use('/webhook', bodyParser.json());
server.use(router);
server.listen(port, () => {
console.info(`Local server listening on port ${port}.`);
});
server.post('/webhook', async (req: Request, res: Response) => {
await app.handle(new ExpressJs(req, res));
});
})();
Here’s the working implementation in v3 https://github.com/jovotech/jovo-framework/blob/06b30e9671bb63666973dc8f35394a2876cee8ed/jovo-framework/src/server.ts#L43