Http functions just give a 500 error

Ask the community
, , , ,
1

Question:
Whenever I send a get request to an http function, the response has status code 500 and body `x-wix-function-user-error` header missing exception. What does this mean, and how do I fix it?

Product:
I’m using wix editor, in dev mode. Specifically, the functions I need are provided by the wix-stores-data-requests velo package.

What have you already tried:
The only reference to this error that I could find is this old forum post. A few people reported seeing the error, but nobody posted a solution.

Additional information:
I’m sending the get requests with the following python code:

import requests
from _tokens_ import get_token

token = get_token("wix")      #my "store secret", as directed by the readme
url = "https://my.site/store/_functions/storeInfo"
r=requests.get(url , headers = {'secretauth' : token})
print(r.status_code) #prints '500'
print(r.text)        #prints  '`x-wix-function-user-error` header missing exception'

The following code was copied into my site’s (otherwise empty) http-functions.js file, as directed in the wix-stores-data-requests package readme.

import {
    get_storeInfo as _get_storeInfo,
    put_updateProduct as _put_updateProduct,
    get_products as _get_products
} 
from '@velo/wix-stores-data-requests-backend';

export async function get_storeInfo(request) {
    return await _get_storeInfo(request);
}

export async function put_updateProduct(request) {
    return await _put_updateProduct(request);
}

export async function get_products(request) {
    return await _get_products(request);
}

The request does not seem to be reaching the actual function at all. The response is the same, even if I deliberately misspell the function url: a get request to https://my.site/store/_functions/someGibberish would receive the same response.

I’m stumped, y’all.

3

Seems the issue might be authentication. There’s two options here:

Option 1

From looking at the docs for the @velo/wix-stores-data-requests package it seems like this package uses HMAC in order to securely send/receive requests.

While this library is built around cross communication between two Wix sites it is possible that your requests from a remote Python server to your site would work if you used Python’s HMAC library. Try giving that a try and report back. There’s some examples on Stackoverflow here: HMAC signing requests in Python - Stack Overflow

HMAC itself authenticates messages against signed messages based on a shared secret so including the secret in the auth header is not the correct way to do it. For security I’d also suggest changing your secret in case it has ended up in logs.

You’ll probably also need to make some requests from a consumer site on Wix first and log them so you can see what the names of the headers look like in the requests made with this library. But ultimately this option involves reverse engineering a package to do something it wasn’t initially designed to do.

Option 2

Another option you have is not using this library and instead using Wix Stores libraries like wix-stores-backend along with the generic JavaScript HMAC library yourself so that you can send requests in a format that you know because you made it :slight_smile: Then signing messages with Python’s HMAC and validating them on the Wix site’s side would definitely work.