Okay, I tried using server from your github and I don’t know what I’ve done bad.
app.use(express.json({
verify: function(req, res, buf, encoding) {
// is there a hub to verify against
req.twitch_eventsub = false;
if (req.headers && req.headers.hasOwnProperty('twitch-eventsub-message-signature')) {
req.twitch_eventsub = true;
// id for dedupe
let id = req.headers['twitch-eventsub-message-id'];
// check age
let timestamp = req.headers['twitch-eventsub-message-timestamp'];
// extract algo and signature for comparison
let [ algo, signature ] = req.headers['twitch-eventsub-message-signature'].split('=');
// you could do
// req.twitch_hex = crypto.createHmac(algo, config.hook_secret)
// but we know Twitch should always use sha256
req.twitch_hex = crypto.createHmac('sha256', rString)
.update(id + timestamp + buf)
.digest('hex');
req.twitch_signature = signature;
if (req.twitch_signature != req.twitch_hex) {
console.error('Signature Mismatch');
} else {
console.log('Signature OK');
}
}
}
}));
app.post('/webhooks/callback', async (req, res) => {
if (req.twitch_eventsub) {
if (req.headers['twitch-eventsub-message-type'] == 'webhook_callback_verification') {
if (req.body.hasOwnProperty('challenge')) {
if (req.twitch_hex == req.twitch_signature) {
console.log('Got a challenge, return the challenge');
res.send(encodeURIComponent(req.body.challenge));
return;
}
}
res.status(403).send('Denied');
} else if (req.headers['twitch-eventsub-message-type'] == 'revocation') {
res.send('Ok');
} else if (req.headers['twitch-eventsub-message-type'] == 'notification') {
if (req.twitch_hex == req.twitch_signature) {
console.log('The signature matched');
res.send('Ok');
// you can do whatever you want with the data
// it's in req.body
} else {
console.log('The Signature did not match');
res.send('Ok');
}
} else {
console.log('Invalid hook sent to me');
res.send('Ok');
}
} else {
console.log('It didn\'t seem to be a Twitch Hook');
res.send('Ok');
}
. . .