Skip to content

feat: capture raw body bytes for v4 hmac calculation #8065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MohammedRyaan786 merged 1 commit into from
Feb 11, 2026
Merged

feat: capture raw body bytes for v4 hmac calculation #8065

MohammedRyaan786 merged 1 commit into from
Feb 11, 2026
+617 −25

Conversation

@MohammedRyaan786
Copy link
Contributor

@MohammedRyaan786 MohammedRyaan786 commented Feb 5, 2026
edited
Loading

TICKET: CAAS-659

This pull request improves how HTTP request bodies are handled in the Express app, specifically to support v4 HMAC authentication that requires the exact raw request bytes. The main changes add logic to preserve the raw request body and ensure it is sent unchanged when proxying requests, which is important for signature verification.

Enhancements for request body handling and HMAC authentication:

  • The Express app now stores the raw request body buffer on each request before JSON parsing, enabling downstream code to access the exact bytes received from the client. This is necessary for v4 HMAC authentication, which relies on the unmodified request body.
  • A new sendRequestBody helper function is introduced in clientRoutes.ts to send the raw request body buffer when available, falling back to the parsed body for backward compatibility.
  • The redirectRequest function is updated to use sendRequestBody for all HTTP methods that send a body, ensuring the raw bytes are forwarded when possible.

Current PR is related to this BGMS PR

@MohammedRyaan786 MohammedRyaan786 requested review from a team as code owners February 5, 2026 12:40
@MohammedRyaan786 MohammedRyaan786 marked this pull request as draft February 5, 2026 12:40
@MohammedRyaan786
Copy link
Contributor Author

MohammedRyaan786 commented Feb 5, 2026

@claude please review this PR

Copilot AI mentioned this pull request Feb 5, 2026
Closed
@MohammedRyaan786 MohammedRyaan786 force-pushed the CAAS-659 branch 2 times, most recently from a7dbd99 to 35e2582 Compare February 5, 2026 14:49
@MohammedRyaan786 MohammedRyaan786 marked this pull request as ready for review February 5, 2026 15:01
This was referenced Feb 5, 2026
Closed
Closed
@BitGo BitGo deleted a comment from Copilot AI Feb 5, 2026
@BitGo BitGo deleted a comment from Copilot AI Feb 5, 2026
@BitGo BitGo deleted a comment from Copilot AI Feb 5, 2026
@lokesh-bitgo lokesh-bitgo requested a review from Copilot February 9, 2026 14:01
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to preserve exact incoming HTTP request body bytes in the Express app so downstream v4 HMAC/signature verification can use the unmodified payload, and to forward that raw payload unchanged when proxying requests.

Changes:

  • Capture and store the raw JSON request body buffer during parsing (req.rawBodyBuffer).
  • Add a helper to prefer forwarding the raw body when proxying (sendRequestBody) and apply it across body-bearing HTTP methods.
  • Add unit tests validating raw-body capture behavior (whitespace/order preservation).

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.

File Description
modules/express/src/expressApp.ts Adds bodyParser.json verify hook to capture raw request bytes into req.rawBodyBuffer.
modules/express/src/clientRoutes.ts Introduces sendRequestBody and updates redirectRequest to forward raw bytes when present.
modules/express/types/express/index.d.ts Extends Express Request typing with optional rawBodyBuffer.
modules/express/test/unit/clientRoutes/rawBodyBuffer.ts Adds tests validating raw-body buffer capture and preservation characteristics.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ppongbitgo ppongbitgo requested a review from Copilot February 9, 2026 14:10
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@lokesh-bitgo
Copy link
Contributor

lokesh-bitgo commented Feb 9, 2026

@claude review this PR with a primary focus on the bug, and confirm whether these changes impact any other flows.

Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MohammedRyaan786 MohammedRyaan786 marked this pull request as ready for review February 9, 2026 18:46
@MohammedRyaan786 MohammedRyaan786 requested a review from a team as a code owner February 9, 2026 18:46
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MohammedRyaan786 MohammedRyaan786 marked this pull request as draft February 9, 2026 18:53
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MohammedRyaan786 MohammedRyaan786 marked this pull request as ready for review February 10, 2026 06:17
@lokesh-bitgo
Copy link
Contributor

lokesh-bitgo commented Feb 10, 2026

@claude review this PR with a primary focus on the bug, and confirm whether these changes impact any other flows.

@lokesh-bitgo lokesh-bitgo requested a review from Copilot February 10, 2026 08:32
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pranavjain97
pranavjain97 reviewed Feb 10, 2026
View reviewed changes
@MohammedRyaan786 MohammedRyaan786 marked this pull request as draft February 11, 2026 09:25
@MohammedRyaan786 MohammedRyaan786 marked this pull request as ready for review February 11, 2026 10:09
pranavjain97
pranavjain97 approved these changes Feb 11, 2026
View reviewed changes
Copy link
Contributor

@pranavjain97 pranavjain97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@MohammedRyaan786 MohammedRyaan786 merged commit 0d8ede6 into master Feb 11, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pranavjain97 pranavjain97 pranavjain97 approved these changes

@lokesh-bitgo lokesh-bitgo Awaiting requested review from lokesh-bitgo lokesh-bitgo is a code owner automatically assigned from BitGo/wallet-core-india

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MohammedRyaan786 @lokesh-bitgo @pranavjain97