const express = require('express');
const crypto = require('crypto');
const cors = require('cors');
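const app = express();

// Replay window in milliseconds (compared against Date.now() in the webhook handler).
// Overridable via MAX_TIME_DIFFERENCE; anything that is not a positive finite number
// falls back to 5 s, so a typo cannot silently disable or invert the check.
const configuredWindow = Number(process.env.MAX_TIME_DIFFERENCE);
const MAX_TIME_DIFFERENCE =
  Number.isFinite(configuredWindow) && configuredWindow > 0 ? configuredWindow : 5000;

// Shared HMAC key. Read it from the environment; the hard-coded fallback exists only so the
// sample still starts as before and must never be relied on outside local testing
// (a key committed to source is effectively public).
const secretKey = process.env.WEBHOOK_SECRET || 'my-secret';
if (!process.env.WEBHOOK_SECRET) {
  console.warn('WEBHOOK_SECRET is not set; using the insecure built-in development key');
}

const port = 7100;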
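/**
 * Verify an HMAC-SHA256 signature over `payload` using `secret`.
 *
 * @param {string|Buffer} secret - Key the sender signed with.
 * @param {string|Buffer} payload - The exact bytes that were signed.
 * @param {string} signature - Sender-supplied digest, lower-case hex.
 * @returns {boolean} true only for an exact match. Malformed input (missing values,
 *   wrong length, non-ASCII characters) yields false rather than an exception, so a
 *   hostile header cannot turn into a 500 and a stack trace.
 */
const verifySignature = (secret, payload, signature) => {
  if (!secret || !payload || typeof signature !== 'string' || signature === '') {
    return false;
  }
  // Bug fix: the original hashed with the module-level key and ignored the `secret`
  // argument, so callers could not actually choose the key they were verifying against.
  const hmac = crypto.createHmac('sha256', secret);
  hmac.update(Buffer.from(payload, 'utf-8'));
  const expected = Buffer.from(hmac.digest('hex'), 'utf-8');
  const provided = Buffer.from(signature, 'utf-8');
  // Compare byte lengths, not string lengths: a 64-character string of multi-byte
  // characters has a different byte length and would make timingSafeEqual throw.
  // The expected length is a public constant, so this early return leaks nothing.
  if (expected.length !== provided.length) {
    return false;
  }
  return crypto.timingSafeEqual(expected, provided);
};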
// Wide-open CORS, for local testing only. Note that CORS is a browser-side control: a
// server-to-server webhook sender is never subject to it, so it neither protects nor
// exposes this endpoint — the HMAC check in the handler is what gates access.
// express.json() parses the body before the handler sees it; the handler then
// re-serialises that parsed object when it rebuilds the signed payload.
app.use(cors(), express.json());
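/**
 * Webhook receiver.
 *
 * Expects two headers: `x-timestamp` (epoch milliseconds, as produced by the sender) and
 * `x-signature` (lower-case hex HMAC-SHA256 over `${x-timestamp}.${JSON.stringify(body)}`).
 * Stale timestamps get 400, missing or wrong signatures get 403, valid requests get 200.
 * The timestamp window limits but does not eliminate replay: a captured request can be
 * re-sent within MAX_TIME_DIFFERENCE ms unless a nonce/idempotency store is added.
 */
app.post('/webhook', (req, res) => {
  const rawTimestamp = req.headers['x-timestamp'];
  const signature = req.headers['x-signature'];

  // Bug fix: the original did `Math.abs(now - header) > MAX` directly on the header string.
  // A missing or non-numeric header makes that NaN, and `NaN > MAX` is false, so the
  // freshness check was skipped entirely. Reject anything that is not a finite number.
  const timestamp = Number(rawTimestamp);
  if (typeof rawTimestamp !== 'string' || rawTimestamp === '' || !Number.isFinite(timestamp)) {
    return res.status(400).json({ error: 'Invalid timestamp' });
  }
  if (Math.abs(Date.now() - timestamp) > MAX_TIME_DIFFERENCE) {
    return res.status(400).json({ error: 'Expired timestamp' });
  }
  if (typeof signature !== 'string' || signature === '') {
    return res.status(403).json({ error: 'Invalid signature' });
  }

  // NOTE(review): signing JSON.stringify(req.body) means the sender must produce byte-identical
  // serialisation (key order, whitespace, number formatting, escaping). Signing the raw request
  // body (captured via express.json({ verify: (req, _res, buf) => { req.rawBody = buf; } }))
  // avoids that fragility, but changes the wire contract and is deliberately not done here.
  // The raw header string is used, not the coerced number, so the signed string matches
  // exactly what the sender concatenated.
  const payloadWithTimestamp = `${rawTimestamp}.${JSON.stringify(req.body)}`;

  let hasValidSignature = false;
  try {
    hasValidSignature = verifySignature(secretKey, payloadWithTimestamp, signature);
  } catch (err) {
    // Fail closed: a malformed signature must surface as 403, not as a 500 with a stack trace.
    console.error(`Signature verification error: ${err.message}`);
    hasValidSignature = false;
  }
  if (!hasValidSignature) {
    return res.status(403).json({ error: 'Invalid signature' });
  }

  // The original logged the same received header twice under two labels ("Computed" and
  // "Received") and never computed anything here; log acceptance once without the digest.
  console.log(`Accepted signed webhook (timestamp ${rawTimestamp})`);
  // Bug fix: the original never sent a response on success, leaving the sender to time out
  // and, for most webhook providers, retry the delivery.
  return res.status(200).json({ ok: true });
});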
// Bind to the fixed port configured above and announce readiness on stdout.
const onListening = () => console.log(`Server is running on port ${port}`);
app.listen(port, onListening);