// Calculate the X-Hub-Signature header value.
function getSignature(buf) {
var hmac = crypto.createHmac("sha1", process.env.BOTBONNIE_API_SECRET)
hmac.update(buf, "utf-8")
return "sha1=" + hmac.digest("hex")
// Verify function compatible with body-parser to retrieve the request payload.
// Read more: https://github.com/expressjs/body-parser#verify
function verifyRequest(req, res, buf, encoding) {
var expected = req.headers['x-hub-signature']
var calculated = getSignature(buf)
console.log("X-Hub-Signature:", expected, "Content:", "-" + buf.toString('utf8') + "-")
if (expected !== calculated) {
throw new Error("Invalid signature.")
console.log("Valid signature!")