Created
January 15, 2020 00:39
-
-
Save scottdixon/3d8ea3ab939f5935b486951d63aebd6d to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const express = require('express') | |
| const app = express() | |
| const crypto = require('crypto') | |
| const secretKey = '<your secret key>' | |
| const bodyParser = require('body-parser') | |
| app.use('/webhooks', bodyParser.raw({ type: 'application/json' })) | |
| app.use(bodyParser.json()) | |
| app.post('/webhooks/orders/create', async (req, res) => { | |
| console.log('🎉 We got an order!') | |
| // we'll compare the hmac to our own hash | |
| const hmac = req.get('X-Shopify-Hmac-Sha256') | |
| // create a hash using the body and our key | |
| const hash = crypto | |
| .createHmac('sha256', secretKey) | |
| .update(req.body, 'utf8', 'hex') | |
| .digest('base64') | |
| // Compare our hash to Shopify's hash | |
| if (hash === hmac) { | |
| // It's a match! All good | |
| console.log('Phew, it came from Shopifify!') | |
| res.sendStatus(200) | |
| } else { | |
| // No match! This request didn't originate from Shopify | |
| console.log('Danger! Not from Shopify!') | |
| res.sendStatus(403) | |
| } | |
| }) | |
| app.listen(3000, () => console.log('Example app listening on port 3000!')) |
Not working. i am getting req.body but it is not verifying the hash
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How can I do this with koa-bodyparser? The above method doesn't seem to work anymore.