NodeJS/Javascript/express
var incoming = req.headers['x-hub-signature'].split('=');
var hash = crypto.createHmac(incoming[0], secret)
.update(JSON.stringify(req.body))
.digest('hex');
if (incoming[1] != hash) {
console.log('Reject');
} else {
console.log('Payload OK');// do other stuff
}
The above is out of date/incorrect. This middleware is more accurate/correct
router.use(bodyParser.json({
verify: function(req, res, buf, encoding) {
// is there a hub to verify against
req.twitch_hub = false;
if (req.headers && req.headers['x-hub-signature']) {
req.twitch_hub = true;
var xHub = req.headers['x-hub-signature'].split('=');
req.twitch_hex = crypto.createHmac(xHub[0], hub_secret)
.update(buf)
.digest('hex');
req.twitch_signature = xHub[1];
}
}
}));
router.route('/:type').post((req,res) => {
res.send('OK');
if (req.twitch_hub && req.twitch_hex == req.twitch_signature) {
// tis good
} else {
// unverified
}
});