Express uses connect's middleware for json. You can pass an options object to the json body parser to verify the content before it continues parsing.
function verifyHmac(req, res, buf) {
// then calculate HMAC-SHA1 on the content.
var hmac = crypto.createHmac('sha1', app.get('client_secret'));
hmac.update(buf);
var providedSignature = req.headers['X-Hub-Signature'];
var calculatedSignature = 'sha1=' + hmac.digest(encoding='hex');
if (providedSignature != calculatedSignature) {
console.log(
"Wrong signature - providedSignature: %s, calculatedSignature: %s",
providedSignature,
calculatedSignature);
var error = { status: 400, body: "Wrong signature" };
throw error;
}
}
app.use(express.json({verify: verifyHmac}));