Incoming requests not validated, may not be from Facebook

abhinavdahiya / go-messenger-bot

Golang bindings for the Messenger Bot API

https://godoc.org/github.com/abhinavdahiya/go-messenger-bot

MIT License

52 stars 10 forks source link

Incoming requests not validated, may not be from Facebook #3

Closed abunner closed 8 years ago

abunner commented 8 years ago

Looking through the Messenger platform's official sample, they use the app secret to validate that each requests actually comes from Facebook before processing it

https://github.com/fbsamples/messenger-platform-samples/blob/master/node/app.js

See the verifyRequestSignature function in app.js

Seems like a good addition to this library

abhinavdahiya commented 8 years ago

@abunner thanks for the suggestion, I think this commit should do the job