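/**
 * Express-style middleware that authenticates a webhook request by comparing
 * its `x-hub-signature` header with an HMAC-SHA1 of the request body, keyed
 * with CONFIG.APP_SECRET (the app secret from the Facebook developers app page).
 *
 * Calls `next()` when the signature matches; otherwise answers 403
 * "forbidden access" and does not call `next()`.
 *
 * @param {object} req - Request; reads `req.body` (already parsed) and `req.headers`.
 * @param {object} res - Response; used only to send the 403 on failure.
 * @param {Function} next - Continuation invoked when the signature is valid.
 * @returns {void}
 */
const signatureMiddleware = function signatureMiddleware(req, res, next) {
  const reject = () => {
    // Do not log the computed signature: it is the valid HMAC for this body,
    // so anyone who can read the logs could replay the request with it.
    console.log('webhook signature is missing or not valid');
    res.status(403).send('forbidden access');
  };

  // NOTE(review): the HMAC is computed over a re-serialization of the parsed
  // body, which is only correct if it is byte-identical to what the sender
  // signed. Verifying the raw request bytes (captured before JSON parsing) is
  // more robust - confirm how the body parser is configured.
  const payload = JSON.stringify(req.body);
  if (typeof payload !== 'string') {
    // JSON.stringify(undefined) yields undefined: no body means nothing to verify.
    reject();
    return;
  }

  // Escape every char from U+007F upward as a lowercase \uXXXX sequence.
  const unicode = payload.replace(/[\u007f-\uffff]/g, (match) => {
    const hex = match.charCodeAt(0).toString(16);
    return `\\u${('000' + hex).slice(-4)}`;
  });

  // x-hub-signature carries an HMAC-SHA1. If the sender also provides a SHA-256
  // signature header, prefer verifying that one - confirm against the platform docs.
  const hmac = crypto.createHmac('sha1', CONFIG.APP_SECRET);
  hmac.update(unicode);
  const expected = Buffer.from(`sha1=${hmac.digest('hex')}`, 'utf8');

  const received = req.headers['x-hub-signature'];
  if (typeof received !== 'string') {
    reject();
    return;
  }

  // Constant-time comparison: `===` on strings can leak, through response
  // timing, how many leading characters of a forged signature are correct.
  // timingSafeEqual throws on unequal lengths, so check the length first.
  const receivedBytes = Buffer.from(received, 'utf8');
  const matches =
    receivedBytes.length === expected.length &&
    crypto.timingSafeEqual(receivedBytes, expected);

  if (!matches) {
    reject();
    return;
  }

  next();
};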