Externalised verify TOKEN into Heroku config var (#16)

bedfordsean · adamgross42 · commit 19353c95a31f · 2017-07-24T18:03:41.000-07:00
* Externalised verify TOKEN into Heroku config var

* Remove console.log statements
diff --git a/heroku/README.md b/heroku/README.md
@@ -11,8 +11,8 @@ This is a sample client for [Facebook's Graph API Webhooks](https://developers.f
 
 ### Facebook
 1. Create a new [Facebook application](https://developers.facebook.com/apps).
-1. Set up your Facebook application's [Graph API Webhooks subscription](https://developers.facebook.com/docs/graph-api/webhooks/#setup) using `https://<your-subdomain>.herokuapp.com/facebook` as the callback URL and `token` as the verify_token.
+1. Set up your Facebook application's [Graph API Webhooks subscription](https://developers.facebook.com/docs/graph-api/webhooks/#setup) using `https://<your-subdomain>.herokuapp.com/facebook` as the callback URL. It is recommended that you set a `TOKEN` [config var](https://devcenter.heroku.com/articles/config-vars) as part of the set up of your Heroku app to secure requests. If you choose not to set a config var, then you will need to set a verify token of 'token' when configuring the callback URL.
 
 ### Instagram
 1. Register an [Instagram API client](https://instagram.com/developer/clients/manage/).
-1. Set up your client's [subscription](https://www.instagram.com/developer/subscriptions/) using your `https://<your-subdomain>.herokuapp.com/instagram` as the callback URL and `token` as the verify_token.
+1. Set up your client's [subscription](https://www.instagram.com/developer/subscriptions/) using your `https://<your-subdomain>.herokuapp.com/instagram` as the callback URL. It is recommended that you set a `TOKEN` [config var](https://devcenter.heroku.com/articles/config-vars) as part of the set up of your Heroku app to secure requests. If you choose not to set a config var, then you will need to set a verify token of 'token' when configuring the callback URL.
diff --git a/heroku/index.js b/heroku/index.js
@@ -17,17 +17,18 @@ app.listen(app.get('port'));
 app.use(xhub({ algorithm: 'sha1', secret: process.env.APP_SECRET }));
 app.use(bodyParser.json());
 
+var token = process.env.TOKEN || 'token';
 var received_updates = [];
 
 app.get('/', function(req, res) {
   console.log(req);
   res.send('<pre>' + JSON.stringify(received_updates, null, 2) + '</pre>');
 });
 
-app.get(['/facebook', '/instagram'], function(req, res) {
+app.get(['/facebook', '/instagram'], function(req, res) {   
   if (
     req.param('hub.mode') == 'subscribe' &&
-    req.param('hub.verify_token') == 'token'
+    req.param('hub.verify_token') == token
   ) {
     res.send(req.param('hub.challenge'));
   } else {
