To verify that a request was sent from Moralis, you can use the following code with ethers js, or write the equivalent using web3js
const verifySignature = (req, secret) => {
const providedSignature = req.headers["x-signature"];
if (!providedSignature) throw new Error("Signature not provided");
const generatedSignature = ethers.id(JSON.stringify(req.body) + secret);
if (generatedSignature !== providedSignature)
throw new Error("Invalid Signature");
};
app.post("/streams", async (req, res) => {
const settings = await Moralis.Streams.readSettings();
try {
verifySignature(req, settings.raw.secretKey);
console.log("Sent From Moralis");
return res.status(200).json();
} catch (e) {
console.log("Not Moralis");
return res.status(400).json();
}
});