Created
January 23, 2018 05:17
-
-
Save rjaus/d94513602b3d18ccfbc6d0f2c88639bd to your computer and use it in GitHub Desktop.
Node Hapi JS gist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'use strict' | |
const hapi = require('hapi') | |
const crypto = require('crypto') | |
// Set the server to launch on localhost:3000 | |
const server = hapi.server({ host: 'localhost', port: 3000 }) | |
// Replace with your Xero Webhook Key | |
const xero_webhook_key = 'XERO_WEBHOOK_KEY' | |
// Create a route to receive Xero webhook requests | |
// NOTE: Config is set to not parse the request payload (body), this is required as we need to generate our signature from the body as it was received (raw) | |
server.route({ | |
method: 'POST', | |
path: '/webhook', | |
config: { | |
payload: { parse: false } | |
}, | |
handler: function (request, h) { | |
// Grab the body & signature | |
const body = request.payload.toString() | |
const signature = request.headers['x-xero-signature'] | |
console.log("Body: "+body) | |
console.log("Xero Signature: "+signature) | |
// Create our HMAC hash of the body, using our webhooks key | |
// Note: You need to explicitly set utf8 input encoding | |
let hmac = crypto.createHmac("sha256", xero_webhook_key).update(body, 'utf8').digest("base64"); | |
console.log("Resp Signature: "+hmac) | |
// Create response (without a body) | |
const response = h.response() | |
// Now set the response code, based on whether the signature matched our hmac hash | |
if (signature == hmac) { | |
response.code(200) | |
} else { | |
response.code(401) | |
} | |
return response | |
} | |
}) | |
server.start(function (err) { | |
if (err) { | |
throw err | |
} | |
console.log('Server started on port 3000') | |
}) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment