X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.
Requires Node.js 16+
The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.
To install:
npm install x-hub-signature --save
Sign a buffer containing a request body:
import XHubSignature from 'x-hub-signature';
const x = new XHubSignature('sha1', 'my_little_secret');
const signature = x.sign(new Buffer('body-to-sign'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0
algorithm
(required) -sha1
or other desired signing algorithmsecret
(required) - signing secret that the webhook was signed with
Creates an XHubSignature instance.
requestBody
(required) - a string or Buffer containing the body of the request to sign
Returns a string containing the value expected in the X-Hub-Signature
header.
expectedSignature
(required) - a string containing theX-Hub-Signature
header value for an incoming requestrequestBody
(required) - a string or Buffer containing the body of the incoming request
Returns true
if the signature is valid, or false if it is invalid.
MIT License