Fix signature for POST requests

Author: Fernando Fernandes

Sources/SwiftTrader/Network/Kucoin/KucoinAPI+Header.swift

@@ -44,12 +44,18 @@ private extension KucoinAPI {
 
     /// "KC-API-SIGN"
     static func setAPISignature(request: inout URLRequest, kucoinAuth: KucoinAuth) throws {
+        
+        // MARK: HTTP Method
+        
         guard let httpMethodString = request.httpMethod else {
             throw KucoinAPIError.missingHTTPMethod
         }
         guard let httpMethod = HTTPMethod(rawValue: httpMethodString) else {
             throw KucoinAPIError.unsupportedHTTPMethod
         }
+        
+        // MARK: Path
+        
         guard let url = request.url else {
             throw KucoinAPIError.missingURL(url: request.url)
         }
@@ -62,7 +68,23 @@ private extension KucoinAPI {
         } else {
             finalPath = url.path
         }
-        let signature = try createSignature(for: httpMethod, path: finalPath, secret: kucoinAuth.apiSecret)
+        
+        // MARK: Body
+        
+        let body: String
+        if let bodyData = request.httpBody,
+           let bodyString = String(data: bodyData, encoding: .utf8) {
+            body = bodyString
+        } else {
+            body = ""
+        }
+        
+        let signature = try createSignature(
+            for: httpMethod,
+               path: finalPath,
+               body: body,
+               secret: kucoinAuth.apiSecret
+        )
         request.setValue(signature, forHTTPHeaderField: KucoinAPI.HeaderField.apiSign)
     }
 

Sources/SwiftTrader/Network/Kucoin/KucoinAPI+Signature.swift

@@ -13,19 +13,25 @@ public extension KucoinAPI {
 
     /// Creates and returns the signature for the `KC-API-SIGN` header field.
     ///
+    /// From Kucoin documentation *"Use API-Secret to encrypt the prehash string
+    /// {timestamp+method+endpoint+body} with sha256 HMAC. The request body
+    /// is a JSON string and need to be the same with the parameters passed by the API.
+    /// After that, use base64-encode to encrypt the result..."*
+    ///
     /// https://docs.kucoin.com/futures/#authentication
     /// - Parameters:
     ///   - method: `HTTPMethod`. E.g.: `GET`, `POST.`
     ///   - path: Endpoint path including query parameters, if any. E.g.: *"/api/v1/account-overview?currency=USDT"*
+    ///   - body: The request body as a `JSON` `String`. For `GET`, `DELETE` requests, the body is "".
     ///   - secret: The API secret.
     /// - Returns: `Base64` encoded signature.
-    static func createSignature(for method: HTTPMethod, path: String, secret: String) throws -> String {
+    static func createSignature(for method: HTTPMethod, path: String, body: String, secret: String) throws -> String {
         guard let secretData = secret.data(using: .utf8) else {
             throw KucoinAPIError.stringToDataFailed(string: secret)
         }
         let key = SymmetricKey(data: secretData)
         let timestamp = Date().timestampMilliseconds
-        let stringToSign = "\(timestamp)" + HTTPMethod.GET.rawValue + path
+        let stringToSign = "\(timestamp)" + method.rawValue + path + body
         guard let stringToSignData = stringToSign.data(using: .utf8) else {
             throw KucoinAPIError.stringToDataFailed(string: stringToSign)
         }