const assert = require("assert");
const crypto = require("crypto");
const express = require("express");
const app = express();
// Collect raw payload buffer
app.use(express.raw({
type: "*/*",
verify: function (req, _res, buf) {
if (Buffer.isBuffer(buf)) {
req.buffer = buf;
}
},
}));
app.use(express.json());
app.post("/endpoint", (req, res) => {
// Calculate the HMAC signature using the secret key from Treet
const hmac = crypto
.createHmac("sha256", "<secret key>") // substitute secret
.update(req.buffer, "utf8")
.digest("base64");
// Validate it against the signature from Treet. Request is valid if the
// Treet signature and calculated HMAC signature match.
const signature = req.get("X-Treet-Signature");
assert.equal(hmac, signature);
res.json({ signature });
});
app.listen(8888, () => {
console.log("listening on 8888");
});