Thought I’d show how I’ve done it too.
const verifyNotice = (req, res, buf, encoding) => {
const expected = req.headers['x-hub-signature'];
const calculated = 'sha256=' + crypto.createHmac('sha256', secret).update(buf).digest('hex');
req.verified = expected === calculated;
};
app.use(bodyParser.json({ verify: verifyNotice }));
Pretty much the same as Barry’s, I just do it as part of the body-parser middleware so that when I get a notification it’ll simply have a req.verified boolean value already available to me.