Verify Signature for Moralis Streams not working

pushpit07 · December 26, 2022, 1:29pm

export function verifySignature(req: any, secret: string) {
    const ProvidedSignature = req.headers['x-signature'];
    if (!ProvidedSignature) {
        throw new Error('Signature not provided');
    }
    const GeneratedSignature = web3.utils.sha3(JSON.stringify(req.body) + secret);
    if (GeneratedSignature !== ProvidedSignature) {
        throw new Error('Invalid Signature');
    }
}

This verify signature function did not work for me. I’m unable to verify streams

cryptokid · November 12, 2022, 1:02pm

What doesn’t work? Where it fails?

pushpit07 · November 12, 2022, 1:16pm

The GeneratedSignature does not match the ProvidedSignature

cryptokid · November 12, 2022, 1:18pm

Did you use your api key as the secret?

coder · January 5, 2023, 4:35am

Having the same issue. Yes I’m using the API key as the secret.

Our particular setup is using a Fastify web server and pulling the body from the request.

Potentially irrelevant sidenote: I prefer ethersjs to web3. Might allow us to configure our own “signature” on the backend and/or provide parallel examples (e.g. Keccak256)

cryptokid · January 5, 2023, 8:24am

What is the issue that you have? What is the code that you use to validate the signature? You can use any library to compute the hash.

coder · January 5, 2023, 3:53pm

Disregard. That was on me. Over-engineered it. Still mentally in contract land with packing and encoding.

A simple ethers.utils.id(combined_string) worked.

aoniaEng · February 3, 2023, 3:54pm

Hi having a similar issue with invalid signatures @cryptokid I’m working with remix

    const payload = await request.json();
    const signature = request.headers.get('x-signature');

It is getting the signature fine, but telling me the signature is invalid.

Moralis.Streams.verifySignature({
  body: payload,
  signature: signature,
});

The error I am getting is:
MoralisError [Moralis Stream Error]: [S0004] signature is not valid

joeblu · March 27, 2023, 6:25am

@cryptokid we’re experiencing this issue as well. We also get a MoralisError [Moralis Stream Error]: [S0004] signature is not valid error. One of our streams was shut down for too many failed deliveries as a result. When retrying these failed deliveries, some execute successfully and some do not for the same reason. Note that our retries that failed only occured when I spammed them all at once. Perhaps this is a timing issue?

cryptokid · March 27, 2023, 6:27am

I don’t know what could have caused an invalid signature check. Could you manually check a signature for a request that failed to check the signature?

gabrielstoica · February 27, 2024, 12:42pm

For everyone having this issue - make sure you’re setting the streamsSecret correctly. Programmatic by:

Moralis.start({
      streamsSecret: MORALIS_API_KEY,
    });

or manually by settings it in the Moralis settings page: https://docs.moralis.io/streams-api/evm/setup-secret-key