Last active
December 15, 2015 19:19
Example canvas signed request middleware for express.js
var crypto = require('crypto');
// canvas signed request middleware for express
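/**
 * Build an express middleware that validates a canvas signed request.
 *
 * The middleware only acts on POST requests whose parsed body has a
 * `signed_request` field of the form `<base64 signature>.<base64 JSON context>`.
 * For those requests it sets `req.signed_request` to `false` until the
 * signature has been verified, then replaces it with the decoded context and
 * attaches an nforce-style `req.oauth` object. Every path ends in `next()`;
 * an invalid request is never rejected here, so downstream handlers must
 * check `req.signed_request` themselves.
 *
 * NOTE(review): nothing in this middleware checks the age of the envelope or
 * whether it has been seen before, and values stored in `req.session` by an
 * earlier valid request are not cleared when a later one fails verification.
 *
 * @param {Object} [options]
 * @param {string} [options.consumerSecret] - HMAC key; when it is missing
 *   every signed request is treated as invalid.
 * @returns {Function} express middleware `(req, res, next)`.
 */
module.exports = function(options) {
  if(!options) options = {};

  /**
   * Check that `signature` is the base64 HMAC-SHA256 of `context` under the
   * configured consumer secret.
   *
   * @param {string} signature - first segment of the signed request.
   * @param {string} context - second segment, still base64 encoded.
   * @returns {boolean} true only for a matching signature.
   */
  function verify(signature, context) {
    if(!options.consumerSecret) return false;
    // A body without a '.' leaves context undefined, and hmac.update() throws
    // on non-string input; treat anything malformed as a failed check.
    if(typeof signature !== 'string' || typeof context !== 'string') return false;

    var hmac = crypto.createHmac('sha256', options.consumerSecret);
    hmac.update(context);
    var expected = Buffer.from(hmac.digest('base64'), 'utf8');
    var supplied = Buffer.from(signature, 'utf8');

    // timingSafeEqual throws on unequal lengths; the digest length is not
    // secret, so rejecting early on a length mismatch reveals nothing useful.
    if(expected.length !== supplied.length) return false;

    // Constant-time comparison: `===` stops at the first differing character,
    // which makes the comparison time depend on how much of the MAC matched.
    return crypto.timingSafeEqual(expected, supplied);
  }

  return function(req, res, next) {
    if(req.method === 'POST' && req.body && req.body.signed_request) {
      // default to an invalid request
      req.signed_request = false;

      // Body parsers can yield arrays or objects for repeated or nested
      // fields; only a string can be a signed request.
      var raw = req.body.signed_request;
      if(typeof raw !== 'string') {
        return next();
      }

      var arr = raw.split('.');

      // check the signed request for validity
      if(!verify(arr[0], arr[1])) {
        return next();
      }

      // Decode only after the signature check. Buffer.from replaces the
      // deprecated `new Buffer`, and the JSON is read as UTF-8 because an
      // 'ascii' decode clears the high bit of every non-ASCII byte.
      var srData;
      try {
        srData = JSON.parse(Buffer.from(arr[1], 'base64').toString('utf8'));
      } catch(err) {
        // authentic but unparsable context: leave the request marked invalid
        return next();
      }
      if(!srData || typeof srData !== 'object') {
        return next();
      }

      // build up our oauth object for nforce
      var client = srData.client || {};
      var oauth = {
        access_token: client.oauthToken || '',
        instance_url: client.instanceUrl || ''
      };

      // attach full signed request to request and, if available, session
      req.signed_request = srData;
      if(req.session) req.session.signed_request = srData;

      // attach nforce oauth to request and, if available, session
      req.oauth = oauth;
      if(req.session) req.session.oauth = oauth;

      next();
    } else {
      next();
    }
  };
};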