var base64url = require('base64url');
var crypto = require('crypto');
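/**
 * Verify and decode a signed request of the form `<signature>.<payload>`.
 *
 * The payload segment is base64url-encoded JSON; the signature segment is
 * compared against the base64 HMAC-SHA256 of the still-encoded payload,
 * keyed with `secret`.
 *
 * Failures are RETURNED as `Error` instances, not thrown, so callers must
 * check `result instanceof Error` before trusting the value.
 *
 * @param {string} signed_request - The raw `<signature>.<payload>` string.
 * @param {string} secret - Shared secret used as the HMAC key.
 * @returns {Object|Error} The parsed payload when the signature matches,
 *   otherwise an Error describing why the request was rejected.
 */
function decode(signed_request, secret) {
  if (!signed_request || !secret) {
    return new Error('Must pass both signed_request and api secret');
  }

  // Declared locally: the bare assignments used before leaked these values
  // into the global object, where they outlived the request being handled.
  var encoded_data;
  var sig;
  var data;

  // Split into signature and payload, then decode the payload.
  try {
    encoded_data = signed_request.split('.', 2);
    if (encoded_data.length < 2) {
      return new Error('Could not parse signed-request');
    }
    sig = encoded_data[0];
    data = JSON.parse(base64url.decode(encoded_data[1]));
  } catch (e) {
    return new Error('Could not parse signed-request');
  }

  // Everything up to the signature check runs on unauthenticated input, so a
  // payload such as `null` must be rejected here instead of throwing a
  // TypeError on the property access below.
  if (data === null || typeof data !== 'object') {
    return new Error('Could not parse signed-request');
  }

  // The declared algorithm is only checked, never used to select the MAC:
  // the HMAC below is always SHA-256, whatever the payload claims.
  if (typeof data.algorithm !== 'string' || data.algorithm.toUpperCase() !== 'HMACSHA256') {
    return new Error('Unknown algorithm. Expected HMACSHA256');
  }

  var expected_sig = crypto.createHmac('sha256', secret).update(encoded_data[1]).digest('base64');

  // Constant-time comparison: `!==` on strings stops at the first differing
  // character, which leaks how much of a guessed signature was correct.
  // timingSafeEqual requires equal lengths, so that is checked first.
  var given = Buffer.from(sig, 'utf8');
  var expected = Buffer.from(expected_sig, 'utf8');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return new Error('Bad signed JSON Signature!');
  }

  return data;
}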
// Export decode as the module's value; `exports` is rebound as well so both
// names refer to the same function.
module.exports = exports = decode;