· 6 years ago · Aug 30, 2019, 08:34 AM
1var express = require("express");
2var cors = require("cors");
3var crypto = require("crypto");
4
5var app = express();
6app.use(express.json());
7app.use(express.urlencoded({ extended: true }));
8app.use(cors());
9
10app.post("/PostBackListener", (req, res) => {
11 var hmacSignature = req.header("hmac-signature");
12 var rawData = req.body;
13 var jsonData = JSON.stringify(rawData);
14
15 var signatureMatched = false;
16
17 if (hmacSignature) {
18 signatureMatched = verifyHmacSignature(hmacSignature, jsonData);
19 }
20
21 //if the hmac signature matched, the response body data is valid
22 if (signatureMatched) {
23 //do something with the transaction result
24 }
25
26 res.sendStatus(200);
27});
28
29function verifyHmacSignature(hmacSignature, data) {
30 //this is the secret pass phrase you supplied to ChargeItPro
31 var secretKey = "cipDemoListenerKey";
32
33 var hmac = crypto.createHmac("sha512", secretKey);
34 hmac.update(data);
35 return hmac.digest("base64") === hmacSignature;
36}
37
38console.log("listening on port 5555");
39app.listen(5555);