koa-x-signature

NPM version node version

X-Hub-Signature Koa Middleware.

Install

NPM

Usage

Add the middleware to Koa. It needs to be after bodyParser().

const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const HUIJI = require('koa-x-signature');

const app = new Koa();
app.use(bodyParser());
app.use(HUIJI({algorithm: 'sha1', secret: HUIJI_SECRET_HERE}));

Where HUIJI_SECRET_HERE is your platform's (facebook, github, etc) secret.

This will add some special sauce to your ctx.request object:

hasSig boolean

Is the request from Huiji. Allows you to early reject any messages without HUIJI content.

if (!ctx.request.hasSig) { ctx.throw(403, 'No X-Signature'); }

isValid ctx.request.isValid()

Returns a boolean value. Validates the request body against the HUIJI signature using your secret.

if (!ctx.request.isValid || !ctx.request.isValid()) { ctx.throw(403, 'Invalid Request Signature'); }

If it's valid, then the request has not been tampered with and you are safe to process it.

Options

  • secret: Huiji secret that is used to validate the request body against the signed X-HUB signature on the header. Required.
  • algorithm: Encryption algorithm used to generate the signature. Default is sha1.

License

MIT

Acknowledgements

This project is inspired by express-x-hub.