From 58996a879ada8c6cb8d2033f8dc255b696b4ef03 Mon Sep 17 00:00:00 2001 From: Rihards Fridrihsons Date: Sun, 6 Nov 2022 18:18:34 +0200 Subject: [PATCH] Fix signature error with email in params There is an issue with signature creation for requests involving emails (subaccount requests). The query params are encoded and then the signature is created from encoded query, but for the signature to be correct, it has to be created on decoded query, and encoded after signature is created. email=xxx%40xxx.com this is encoded, and therefore creates wrong signature, so we need to decode it, when creating the signature. I encountered this only for emails in params, but could also happen in other cases --- node-binance-api.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node-binance-api.js b/node-binance-api.js index 615485fc..7ae05cb4 100644 --- a/node-binance-api.js +++ b/node-binance-api.js @@ -328,7 +328,7 @@ let api = function Binance( options = {} ) { data.timestamp = new Date().getTime() + Binance.info.timeOffset; if ( typeof data.recvWindow === 'undefined' ) data.recvWindow = Binance.options.recvWindow; let query = method === 'POST' && noDataInSignature ? '' : makeQueryString( data ); - let signature = crypto.createHmac( 'sha256', Binance.options.APISECRET ).update( query ).digest( 'hex' ); // set the HMAC hash header + let signature = crypto.createHmac( 'sha256', Binance.options.APISECRET ).update( decodeURIComponent(query) ).digest( 'hex' ); // set the HMAC hash header if ( method === 'POST' ) { let opt = reqObjPOST( url,