X-Hub-Signature tools for Node.js
X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.
Requires Node.js 16+
The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.
npm install x-hub-signature --save
Sign a buffer containing a request body:
import XHubSignature from 'x-hub-signature'; const x = new XHubSignature('sha1', 'my_little_secret'); const signature = x.sign(new Buffer('body-to-sign')); // sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0
sha1or other desired signing algorithm
secret(required) - signing secret that the webhook was signed with
Creates an XHubSignature instance.
requestBody(required) - a string or Buffer containing the body of the request to sign
Returns a string containing the value expected in the
expectedSignature(required) - a string containing the
X-Hub-Signatureheader value for an incoming request
requestBody(required) - a string or Buffer containing the body of the incoming request
true if the signature is valid, or false if it is invalid.