Skip to content

dhivesh/x-hub-signature

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
src
src
 
 
test
test
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

X-Hub-Signature tools for Node.js and Express

Build Status

X-Hub-Signature is a compact way to validate real-time updates, such as webhooks from Facebook and GitHub.

Requires Node.js 6.4+

Getting Started

To install:

npm install x-hub-signature --save

Express Middleware

To validate incoming webhooks signed with X-Hub-Signature, use the bundled Express middleware.

const webhookMiddleware = require('x-hub-signature').middleware;
app.use(webhookMiddleware({
  algorithm: 'sha1',
  secret: 'secret',
  require: true,
  getRawBody: req => req.rawBody
}));

Options:

  • algorithm (required) - sha1 or other desired signing algorithm
  • secret (required) - signing secret that the webhook was signed with
  • require (optional) - boolean, whether to require the presence of the X-Hub-Signature header. If true, throws an HTTP 400 error if the header is not present. If false, the middleware will pass the request on if the header is not present, and validate the header only if it is present. (default: true)
  • getRawBody - function that accepts req as the first argument and returns the raw body. If you use the bundled body-parser verifier (see below), you don't need to set this option.

Use with body-parser

A very common case is to have body-parser middleware globally defined. This produces complications for the x-hub-signature middleware, since it needs a copy of the raw unparsed body, and body-parser by default does not save this on the request.

In this case, you can use the bundled middleware.extractRawBody verifier function with body-parser. This will set a reference to the buffered raw (unparsed) body to req.rawBody:

const bodyParser = require('body-parser');
const webhookMiddleware = require('x-hub-signature').middleware;
app.use(bodyParser.json({
  verify: webhookMiddleware.extractRawBody
}))
app.use(webhookMiddleware({
  algorithm: 'sha1',
  secret: 'secret',
  require: true
}));

Signature API

Use the bundled signature generator to sign a request body buffer.

const { signer } = require('x-hub-signature');
const sign = signer({ algorithm: 'sha1', secret: 'my_little_secret' });
const signature = sign(new Buffer('random-signature-body'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0

Options:

  • algorithm (required) - sha1 or other desired signing algorithm
  • secret (required) - signing secret that the webhook was signed with

License

MIT License

Acknowledgements

This project was based on express-x-hub by Alex Curtis.

About

X-Hub-Signature tools for Node and Express

www.npmjs.com/package/x-hub-signature

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • JavaScript 100.0%