fix(verify_sign): fix _verify_sign function in action handler

larksuite · Jul 8, 2024 · ebf4360 · ebf4360
1 parent 05ccf87
commit ebf4360
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lark_oapi/card/action_handler.py b/lark_oapi/card/action_handler.py
@@ -100,8 +100,8 @@ def _verify_sign(self, request: RawRequest) -> None:
         timestamp = request.headers.get(LARK_REQUEST_TIMESTAMP)
         nonce = request.headers.get(LARK_REQUEST_NONCE)
         signature = request.headers.get(LARK_REQUEST_SIGNATURE)
-        bs = (timestamp + nonce + self._verification_token).encode(UTF_8) + request.body
-        h = hashlib.sha1(bs)
+        bs = (timestamp + nonce + self._encrypt_key).encode(UTF_8) + request.body
+        h = hashlib.sha256(bs)
         if signature != h.hexdigest():
             raise AccessDeniedException("signature verification failed")