Skip to content

Instantly share code, notes, and snippets.

@simonr-cb
Created January 12, 2018 16:52
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save simonr-cb/6e881e656f7bdebd68621ca329b36c5f to your computer and use it in GitHub Desktop.
// Just use the static secret during HMAC verification for this demo stage
hmac = crypto.createHmac('sha256', Buffer.from(secret, 'base64'))
...
...
// Compute the request HMAC using the HMAC SHA-256 algorithm
hmac.update(req.protocol)
hmac.update(req.host)
hmac.update(req.originalUrl)
hmac.update(req.get('Authorization'))
var ourShipFastHMAC = hmac.digest('hex')
// Check to see if our HMAC matches the one sent in the request header
// and send an error response if it doesn't
if (ourShipFastHMAC != requestShipFastHMAC) {
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment