Created
October 10, 2015 17:37
-
-
Save joshbeckman/5c4f0244914adfd312e4 to your computer and use it in GitHub Desktop.
An example Node.js server that can verify a Shopify webhook's integrity. Run with `node index.js`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const PORT = 3000; | |
| const SECRET = 'APP_SHARED_SECRET'; | |
| var http = require('http'), | |
| crypto = require('crypto'), | |
| server; | |
| function verifyShopifyHook(req) { | |
| var digest = crypto.createHmac('SHA256', SECRET) | |
| .update(new Buffer(req.body, 'utf8')) | |
| .digest('base64'); | |
| return digest === req.headers['X-Shopify-Hmac-Sha256']; | |
| } | |
| function parseRequestBody(req, res) { | |
| req.body = ''; | |
| req.on('data', function(chunk) { | |
| req.body += chunk.toString('utf8'); | |
| }); | |
| req.on('end', function() { | |
| handleRequest(req, res); | |
| }); | |
| } | |
| function handleRequest(req, res) { | |
| if (verifyShopifyHook(req)) { | |
| res.writeHead(200); | |
| res.end('Verified webhook'); | |
| } else { | |
| res.writeHead(401); | |
| res.end('Unverified webhook'); | |
| } | |
| } | |
| server = http.createServer(parseRequestBody); | |
| server.listen(PORT, function(){ | |
| console.log("Server listening on: http://localhost:%s", PORT); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thank you for your reply. tried the uppercase approach. did not work.
got this error
0|wmbi | HASH COMPARE FAILED - Unable to verify request HMAC