Updated code snippet

niati · niati · commit 7ab9e4be9200 · 2020-05-26T13:27:01.000-04:00
diff --git a/messages/signed-webhooks/verify-signed-webhook.js b/messages/signed-webhooks/verify-signed-webhook.js
@@ -1,7 +1,33 @@
-const jwt = require("jsonwebtoken")
+require('dotenv').config({ path: __dirname + '/../.env' })
+const NEXMO_API_SIGNATURE_SECRET = process.env.NEXMO_API_SIGNATURE_SECRET || ''
+const jwt = require("jsonwebtoken");
 const sha256 = require('js-sha256');
-
-var claims = jwt.verify(signature,'SECRET')
-if (sha256(payload) != claims["payload_hash"]) {
-    // payload has been tampered with
-   }
+const app = require('express')()
+const bodyParser = require('body-parser')
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({
+  extended: true
+}))
+app
+    .route('/webhooks/inbound-message')    
+    .post(handleInboundMessage);
+function handleInboundMessage(request, response){
+    const payload = Object.assign(request.query, request.body)
+    let token = request.headers.authorization.split(" ")[1]
+    try{
+        var decoded = jwt.verify(token, NEXMO_API_SIGNATURE_SECRET, {algorithms:['HS256']});
+        if(sha256(JSON.stringify(payload))!=decoded["payload_body"]){
+            console.log("tampering detected");
+            response.status(401).send();
+        }
+        else{
+            console.log("Success");
+            response.status(204).send();
+        }
+    }
+    catch(err){
+        console.log('Bad token detected')
+        response.status(401).send()
+    }
+}
+app.listen(process.env.PORT || 3000)
