Express X-Hub
X-Hub-Signature Express.js Middleware. A compact way to validate X-Hub requests to ensure they have not been tampered with. Particularly useful for Facebook real-time updates and GitHub web hooks.
Getting Started
Install the middleware with this command:
npm install express-x-hub --save
Then add the middleware to Express.js. It needs to be one of the first and before bodyParser()
.
var xhub = ;app;app;app;
Where XHUB_SECRET_HERE
is your platform's (facebook, github, etc) secret.
This will add some special sauce to your req
object:
Request Additions
boolean
isXHub Is the request X-Hub. Allows you to early reject any messages without XHub content.
var isXHub = reqisXHub;if!isXHub return this;
req.isXHubValid()
isXHubValid Returns a boolean value. Validates the request body against the X-Hub signature using your secret.
var isValid = req;if!isValid return this;
If its valid, then the request has not been tampered with and you are safe to process it.
Build
npm test
- Run tests.gulp
- Lint and run tests.
Example
Some very simple examples can be found in the example
dir.
Start the server:
node ./example/server.js
Curl in an emulated X-Hub post:
sh ./example/curl_valid.sh>>
Options
string
- required
secret X-Hub secret that is used to validate the request body against the signed X-HUB signature on the header.
string
algorithm Encryption algorithm used to generate the signature. Defaults to sha1
.
string
limit Limit on the request body size. Defaults to 100kb
.
string
encoding Encoding on the raw input stream. Defaults to utf8
.
boolean
strict Strict demands on the JSON. Defaults to true
.
function
reviver Reviver used during JSON.parse
.