In Javascript I have:
function authenticateAndFetch(payload) {
const endpoint = PropertiesService.getScriptProperties().getProperty('WEBHOOK_URL');
const hmac_key = PropertiesService.getScriptProperties().getProperty('HMAC_SHA_256_KEY');
var send_data = JSON.stringify(payload)
const signature = Utilities.computeDigest(Utilities.DigestAlgorithm.MD5, send_data)
.map(function(chr){return (chr+256).toString(16).slice(-2)})
.join(''); // Golf https://stackoverflow.com/a/49759368/300224
const fetch_options = {
'method': 'post',
'payload': {'gmail_details': send_data, 'signature': signature},
'muteHttpExceptions': true
};
const response = UrlFetchApp.fetch(endpoint, fetch_options);
return response.getContentText();
}
Then in PHP I validate this with:
$detailsString = $_POST['gmail_details'];
$correctSignature = md5($detailsString);
After some logging, and a long day, I found out that Javascript and PHP will produce different md5 sums for a string including this data:
HEX: 65 20 c2 97 20 44
Is there some way to sanitize the inputs in Javascript before sending them to PHP, or is there some way to get matching strings in both environments?