deed - verify x-hub-signature
X-Hub-Signature headers, which are a simple way to verify HTTP POST requests. For example, this can be used to authorize requests to callback URLs, say, from GitHub webhooks or the Facebook API.
var deed =var http =http
The callback receives an error, if the verification failed, otherwise
null and the authorized request are passed.
erThe error if an error occured or verification failed.
reqThe verified request.
deed(secret, req, cb)
The sole function exported by the deed module checks if the request body, hashed with the secret, matches the
String()The key to hash the payload with.
http.IncomingMessage()The request to verify.
The client must generate an HMAC signature of the payload and include that signature in the request headers. The
X-Hub-Signature header's value must be
sha1=signature, where signature is a hexadecimal representation of a SHA1 signature. The signature must be computed using the HMAC algorithm with the request body as the data and the secret as the key.
deed recomputes the SHA1 signature with the shared secret using the same method as the client. If the signature does not match, the request cannot be verified and should probably be dropped.
Originally this technique has been decribed in the PubSubHubbub spec.
With npm do:
npm install deed