X-Hub-Signature Express.js Middleware. A compact way to validate X-Hub requests to ensure they have not been tampered with. Particularly useful for Facebook real-time updates and GitHub web hooks.
Install the middleware with this command:
npm install express-x-hub --save
Then add the middleware to Express.js. It needs to be one of the first and before
var xhub = ;app;app;app;
XHUB_SECRET_HERE is your platform's (facebook, github, etc) secret.
This will add some special sauce to your
Is the request X-Hub. Allows you to early reject any messages without XHub content.
var isXHub = reqisXHub;if!isXHub return this;
Returns a boolean value. Validates the request body against the X-Hub signature using your secret.
var isValid = req;if!isValid return this;
If its valid, then the request has not been tampered with and you are safe to process it.
npm test- Run tests.
gulp- Lint and run tests.
Some very simple examples can be found in the
Start the server:
Curl in an emulated X-Hub post:
string - required
X-Hub secret that is used to validate the request body against the signed X-HUB signature on the header.
Encryption algorithm used to generate the signature. Defaults to
Limit on the request body size. Defaults to
Encoding on the raw input stream. Defaults to
Strict demands on the JSON. Defaults to
Reviver used during