JS version of the parse signed request from Facebooks docs on data deletion https://developers.facebook.com/docs/development/create-an-app/app-dashboard/data-deletion-callback/

parseSignedFacebookRequest.js

export const parseSignedFacebookRequest = (signed_request) => {
  const [encoded_sig, payload] = signed_request.split(".");

  const secret = 'appsecret'; // Use your app secret here

  // decode the data
  const sig = base64Decode(encoded_sig);
  const data = JSON.parse(base64Decode(payload));

  // confirm the signature
  const expected_sig = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("binary");

  if (sig !== expected_sig) {
    throw Error("Bad Signed JSON signature!");
  }

  return data;
};

const base64Decode = (input: string) => {
  return Buffer.from(
    input.replace(/-/g, "+").replace(/_/g, "/"),
    "base64"
  ).toString("binary");
};