search

alexa-js / alexa-app-server

An Alexa app server for alexa-app.
MIT License
401 stars 116 forks source link

Simplify request verification code #31

Closed tejashah88 closed 7 years ago

tejashah88 commented 7 years ago

I noticed that this portion of the code could be replaced with some from the alexa-verifier-middleware module.

// starts at line 73 in index.js
if (config.verify) {
    // could be replaced with something like: self.express.use(endpoint, avm());
    self.express.use(endpoint, function(req, res, next) {
        req.verified = false;
        if (!req.headers.signaturecertchainurl) {
            return next();
        }

        var cert_url = req.headers.signaturecertchainurl;
        var signature = req.headers.signature;
        var requestBody = req.rawBody;
        verifier(cert_url, signature, requestBody, function(er) {
            if (er) {
                res.status(401).json({ status: 'failure', reason: er });
            } else {
                req.verified = true;
                next();
            }
        });
    });
}

Thoughts?

dblock commented 7 years ago

Sounds reasonable! Please make a PR.

dblock commented 7 years ago

Closed via https://github.com/alexa-js/alexa-app-server/pull/32.