Created
January 4, 2017 16:50
validation of x-hub-signature header facebook
const crypto = require('crypto'); | |
const jsesc = require('jsesc'); | |
// Inside the express route handler: read the signature header sent with the
// webhook and check it against the request body.
// NOTE(review): this snippet only logs on success; a handler would normally
// stop processing and reject the request when the check returns false.
const xHubSignature = req.headers['x-hub-signature'];
const signatureMatches = this.validateSignature(xHubSignature, req.body);
if (signatureMatches) {
  console.log('valid signature');
}
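/**
 * Check a webhook `x-hub-signature` header against the HMAC-SHA1 of the
 * request body, keyed with the FACEBOOK_APP_SECRET environment variable.
 *
 * Fails closed: returns false when the secret is not configured, when the
 * header is missing or not a string, or when the signatures differ.
 *
 * @param {string|undefined} xHubSignature - value of the `x-hub-signature` header ("sha1=<hex>")
 * @param {*} body - request body as parsed JSON; it is re-serialized with jsesc before hashing
 * @returns {boolean} true only when the header equals the expected signature
 */
validateSignature(xHubSignature, body) {
  const appSecret = process.env.FACEBOOK_APP_SECRET;
  if (!appSecret) {
    console.log('missing FACEBOOK_APP_SECRET env variable');
    return false;
  }

  // An absent header can never match; bail out before building buffers.
  if (typeof xHubSignature !== 'string') {
    return false;
  }

  // Re-serialize the parsed body as JSON with lowercase hex escapes,
  // presumably to reproduce the exact escaped form the sender signed (confirm).
  // NOTE(review): this only verifies if the re-serialization is byte-identical
  // to what was sent; computing the HMAC over the raw request bytes (captured
  // before JSON parsing) removes that dependency.
  const serializedBody = jsesc(body, {
    json: true,
    escapeEverything: false,
    lowercaseHex: true
  });

  // NOTE(review): SHA-1 is what this header carries; Meta also documents an
  // X-Hub-Signature-256 header (HMAC-SHA256), which is preferable where available.
  const expectedSignature = 'sha1=' + crypto.createHmac('sha1', appSecret).update(serializedBody).digest('hex');

  // Compare in constant time: `===` returns at the first differing character,
  // which leaks how much of a guessed signature was correct.
  const receivedBytes = Buffer.from(xHubSignature, 'utf8');
  const expectedBytes = Buffer.from(expectedSignature, 'utf8');

  // timingSafeEqual throws on unequal lengths, so check length first; the
  // expected length is fixed and not secret.
  if (receivedBytes.length !== expectedBytes.length) {
    return false;
  }
  return crypto.timingSafeEqual(receivedBytes, expectedBytes);
}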