X-Hub-Signature tools for Node.js
X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.
Requires Node.js 16+
The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.
Getting Started
To install:
npm install x-hub-signature --save
Usage
Sign a buffer containing a request body:
import XHubSignature from 'x-hub-signature';
const x = new XHubSignature('sha1', 'my_little_secret');
const signature = x.sign(new Buffer('body-to-sign'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0
XHubSignature
constructor(algorithm, secret)
-
algorithm
(required) -sha1
or other desired signing algorithm -
secret
(required) - signing secret that the webhook was signed with
Creates an XHubSignature instance.
sign(requestBody)
-
requestBody
(required) - a string or Buffer containing the body of the request to sign
Returns a string containing the value expected in the X-Hub-Signature
header.
verify(expectedSignature, requestBody)
-
expectedSignature
(required) - a string containing theX-Hub-Signature
header value for an incoming request -
requestBody
(required) - a string or Buffer containing the body of the incoming request
Returns true
if the signature is valid, or false if it is invalid.
License
MIT License