Fix signature error with email in params

koders · koders · commit 58996a879ada · 2022-11-07T17:15:47.000+02:00
There is an issue with signature creation for requests involving emails (subaccount requests).

The query params are encoded and then the signature is created from encoded query, but for the signature to be correct, it has to be created on decoded query, and encoded after signature is created.

email=xxx%40xxx.com this is encoded, and therefore creates wrong signature, so we need to decode it, when creating the signature.

I encountered this only for emails in params, but could also happen in other cases
diff --git a/node-binance-api.js b/node-binance-api.js
@@ -328,7 +328,7 @@ let api = function Binance( options = {} ) {
         data.timestamp = new Date().getTime() + Binance.info.timeOffset;
         if ( typeof data.recvWindow === 'undefined' ) data.recvWindow = Binance.options.recvWindow;
         let query = method === 'POST' && noDataInSignature ? '' : makeQueryString( data );
-        let signature = crypto.createHmac( 'sha256', Binance.options.APISECRET ).update( query ).digest( 'hex' ); // set the HMAC hash header
+        let signature = crypto.createHmac( 'sha256', Binance.options.APISECRET ).update( decodeURIComponent(query) ).digest( 'hex' ); // set the HMAC hash header
         if ( method === 'POST' ) {
             let opt = reqObjPOST(
                 url,
