X-Hub-Signature tools for Node.js

X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.

Requires Node.js 16+

The Express middleware that was included in this package in v1.x has been moved to a separate package. See x-hub-signature-middleware.

Getting Started

To install:

npm install x-hub-signature --save

Usage

Sign a buffer containing a request body:

import XHubSignature from 'x-hub-signature';
const x = new XHubSignature('sha1', 'my_little_secret');
const signature = x.sign(new Buffer('body-to-sign'));
// sha1=3dca279e731c97c38e3019a075dee9ebbd0a99f0

XHubSignature

constructor(algorithm, secret)

algorithm (required) - sha1 or other desired signing algorithm
secret (required) - signing secret that the webhook was signed with

Creates an XHubSignature instance.

sign(requestBody)

requestBody (required) - a string or Buffer containing the body of the request to sign

Returns a string containing the value expected in the X-Hub-Signature header.

verify(expectedSignature, requestBody)

expectedSignature (required) - a string containing the X-Hub-Signature header value for an incoming request
requestBody (required) - a string or Buffer containing the body of the incoming request

Returns true if the signature is valid, or false if it is invalid.

License

MIT License

compwright / x-hub-signature

readme