express-x-hub
Advanced tools
X-Hub-Signature Express.js Middleware. A compact way to validate X-Hub requests to ensure they have not been tampered with. Particularly useful for Facebook real-time updates and GitHub web hooks.
Install the middleware with this command:
npm install express-x-hub --save
Then add the middleware to Express.js. It needs to be one of the first and before bodyParser().
var xhub = require('express-x-hub');
app.use(xhub({ algorithm: 'sha1', secret: XHUB_SECRET_HERE }));
app.use(bodyParser());
app.use(methodOverride());
Where XHUB_SECRET_HERE is your platform's (facebook, github, etc) secret.
This will add some special sauce to your req object:
booleanIs the request X-Hub. Allows you to early reject any messages without XHub content.
var isXHub = req.isXHub;
if(!isXHub) { return this.reject('No X-Hub Signature', req, res); }
req.isXHubValid()Returns a boolean value. Validates the request body against the X-Hub signature using your secret.
var isValid = req.isXHubValid();
if(!isValid){ return this.reject('Invalid X-Hub Request', req, res); }
If its valid, then the request has not been tampered with and you are safe to process it.
npm test - Run tests.gulp - Lint and run tests.Some very simple examples can be found in the example dir.
Start the server:
node ./example/server.js
Curl in an emulated X-Hub post:
sh ./example/curl_valid.sh
>> { "success": "X-Hub Is Valid" }
sh ./example/curl_invalid.sh
>> { "error": "X-Hub Is Invalid" }
string - requiredX-Hub secret that is used to validate the request body against the signed X-HUB signature on the header.
stringEncryption algorithm used to generate the signature. Defaults to sha1.
stringLimit on the request body size. Defaults to 100kb.
stringEncoding on the raw input stream. Defaults to utf8.
booleanStrict demands on the JSON. Defaults to true.
functionReviver used during JSON.parse.
FAQs
X-Hub-Signature Express Middleware
The npm package express-x-hub receives a total of 4,078 weekly downloads. As such, express-x-hub popularity was classified as popular.
We found that express-x-hub demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.