Created
August 6, 2020 18:51
Revisions
afreeland renamed this gist
Aug 6, 2020 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
afreeland created this gist
Aug 6, 2020 .
@@ -0,0 +1,24 @@ app.use("/chargify", (req, res, next) => { // This request header contains the signature of the hmac sha 256 of the sites secret with the raw body of the request const webhookSignature = req.headers["x-chargify-webhook-signature-hmac-sha-256"]; try { // Your secret shared site key that you got from Chargify earlier // This is a SECRET and should be stored/retrieved in a safe manner, not source control (Kube Secret, etc.,) const sharedKey = "b65ca1b9a6eaea838b7c536ca0ca5fe634214b5d"; // The first step is to create a sha256 of our shared site key const hmac = crypto.createHmac("sha256", sharedKey); // Next we need to update our hmac to utilize the raw body of the request from Chargify hmac.update(req.rawBody); // Now we can obtain the digest to be able to compare it against the signature provided in request header const digest = hmac.digest("hex"); if (digest !== webhookSignature) { // Log/Throw error throw new Error("Webhook signature mismatch"); } } catch (e) { // Log/Throw Error } next(); });
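Review bot: A signature mismatch never rejects the request: the `throw new Error("Webhook signature mismatch")` is caught by the empty `catch (e)` and `next()` then runs unconditionally, so an unsigned or wrongly signed webhook is handled exactly like a valid one. Both the mismatch path and the catch path should end the response (a 401, assuming this is Express) and return without calling `next()`. The `digest !== webhookSignature` comparison should also be made constant-time with `crypto.timingSafeEqual` after a length check, which covers a missing header as well. `sharedKey` is a string literal in the handler although the comment above it says the secret must not live in source control; reading it from the environment or a secret store and failing closed when it is absent would match that comment. `req.rawBody` is not populated by Express itself, so the handler presumably relies on a body-parser `verify` hook defined elsewhere, and if it is undefined the resulting exception from `hmac.update` is currently swallowed too.

```javascript
  try {
    // Secret comes from the environment / secret store, never a literal.
    // CHARGIFY_SHARED_KEY is a placeholder name; use the project's own setting.
    const sharedKey = process.env.CHARGIFY_SHARED_KEY;
    if (!sharedKey) {
      throw new Error("Chargify shared key is not configured");
    }
    // … unchanged: createHmac, hmac.update(req.rawBody), const digest = hmac.digest("hex") …
    const expected = Buffer.from(digest);
    const received = Buffer.from(String(webhookSignature ?? ""));
    // timingSafeEqual throws on unequal lengths, so compare lengths first
    if (received.length !== expected.length || !crypto.timingSafeEqual(expected, received)) {
      return res.sendStatus(401);
    }
  } catch (e) {
    // Fail closed: any error during verification rejects the request
    return res.sendStatus(401);
  }
  next();
```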