-
-
Save winsandymyint/aa57e047dcea6156f39f to your computer and use it in GitHub Desktop.
An example Node.js server that can verify a Shopify webhook's integrity. Run with `node index.js`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const PORT = 3000; | |
| const SECRET = 'APP_SHARED_SECRET'; | |
| var http = require('http'), | |
| crypto = require('crypto'), | |
| server; | |
| function verifyShopifyHook(req) { | |
| var digest = crypto.createHmac('SHA256', SECRET) | |
| .update(new Buffer(req.body, 'utf8')) | |
| .digest('base64'); | |
| return digest === req.headers['X-Shopify-Hmac-Sha256']; | |
| } | |
| function parseRequestBody(req, res) { | |
| req.body = ''; | |
| req.on('data', function(chunk) { | |
| req.body += chunk.toString('utf8'); | |
| }); | |
| req.on('end', function() { | |
| handleRequest(req, res); | |
| }); | |
| } | |
| function handleRequest(req, res) { | |
| if (verifyShopifyHook(req)) { | |
| res.writeHead(200); | |
| res.end('Verified webhook'); | |
| } else { | |
| res.writeHead(401); | |
| res.end('Unverified webhook'); | |
| } | |
| } | |
| server = http.createServer(parseRequestBody); | |
| server.listen(PORT, function(){ | |
| console.log("Server listening on: http://localhost:%s", PORT); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment