x-hub-signature

2.1.2 • Public • Published

X-Hub-Signature tools for Node.js

Build Status Download Status Sponsor on GitHub

X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.

Requires Node.js 16+

The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.

Getting Started

To install:

npm install x-hub-signature --save

Usage

Sign a buffer containing a request body:

import XHubSignature from 'x-hub-signature';
const x = new XHubSignature('sha1', 'my_little_secret');
const signature = x.sign(new Buffer('body-to-sign'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0

XHubSignature

constructor(algorithm, secret)

  • algorithm (required) - sha1 or other desired signing algorithm
  • secret (required) - signing secret that the webhook was signed with

Creates an XHubSignature instance.

sign(requestBody)

  • requestBody (required) - a string or Buffer containing the body of the request to sign

Returns a string containing the value expected in the X-Hub-Signature header.

verify(expectedSignature, requestBody)

  • expectedSignature (required) - a string containing the X-Hub-Signature header value for an incoming request
  • requestBody (required) - a string or Buffer containing the body of the incoming request

Returns true if the signature is valid, or false if it is invalid.

License

MIT License

Package Sidebar

Install

npm i x-hub-signature

Weekly Downloads

608

Version

2.1.2

License

MIT

Unpacked Size

8.19 kB

Total Files

5

Last publish

Collaborators

  • compwright