From 605c8974cd0f46a390999ffe9bc0f1b3f0431c3a Mon Sep 17 00:00:00 2001 From: lucaslokchan Date: Mon, 8 Jul 2024 13:31:29 +1000 Subject: [PATCH] fix(verify_sign): fix _verify_sign function in action handler --- lark_oapi/card/action_handler.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lark_oapi/card/action_handler.py b/lark_oapi/card/action_handler.py index 460f87587..930f02443 100644 --- a/lark_oapi/card/action_handler.py +++ b/lark_oapi/card/action_handler.py @@ -100,8 +100,8 @@ def _verify_sign(self, request: RawRequest) -> None: timestamp = request.headers.get(LARK_REQUEST_TIMESTAMP) nonce = request.headers.get(LARK_REQUEST_NONCE) signature = request.headers.get(LARK_REQUEST_SIGNATURE) - bs = (timestamp + nonce + self._verification_token).encode(UTF_8) + request.body - h = hashlib.sha1(bs) + bs = (timestamp + nonce + self._encrypt_key).encode(UTF_8) + request.body + h = hashlib.sha256(bs) if signature != h.hexdigest(): raise AccessDeniedException("signature verification failed")