1

I am integrating a Twitch API for subs, and having issue with getting the webhook callback response to the middleware function that it should check the header and verify the signature.

I am receive the right response! however, it stops right there! I check the order of the routes, and I am not sure what I am missing

I am following https://dev.twitch.tv/docs/eventsub

app.post('/createWebhook/:broadcasterId', (req, res) => {
  const createWebHookParams = {
    host: "api.twitch.tv",
    path: "helix/eventsub/subscriptions",
    method: 'POST',
    headers: {
      "Content-Type": "application/json",
      "Client-ID": clientId,
      "Authorization": "Bearer " + authToken
    }
  }

  const createWebHookBody = {
    "type": "channel.follow",
    "version": "1",
    "condition": {
      "broadcaster_user_id": req.params.broadcasterId
    },
    "transport": {
      "method": "webhook",
      "callback": "ngrokURL/notification",
      "secret": webhookSecret // 
    }
  }

  let responseData = ""
  const webhookReq = https.request(createWebHookParams, (result) => {
    result.setEncoding('utf8')
    result.on('data', (d) => {
        responseData = responseData + d
      })
      .on('end', (result) => {
        const responseBody = JSON.parse(responseData) // json
        console.log(responseBody)
        res.send(responseBody)
      })
  })
  webhookReq.on('error', (e) => {
    console.log("Error")
  })

  webhookReq.write(JSON.stringify(createWebHookBody))
  webhookReq.end()

});

// middlewsre ---> // not triggered!!!

app.use(express.json({
  verify: verifyTwitchSignature
}));

// making post to receeive the notification.

app.post('/notification', (req, res) => {
  console.log("incoming notificatin", req.body)
  
  res.status(200).end();
})


// the middleware verifing the signature
const crypto = require("crypto");

const twitchSigningSecret = process.env.SECRET;

const verifyTwitchSignature = (req, res, buf, encoding)=>{
const messageId = req.header("Twitch-Eventsub-Message-Id");
const timeStamp = req.header("Twitch-Eventsub-Message-Timestamp")
const messageSignature = req.header("Twitch-Eventsub-Message-Signature")

console.log(`Message ${messageId} Signature: `,messageSignature)


if (!twitchSigningSecret){
  console.log(`Twitch signing secret is empty`);
  throw new Error ("Twitch signing secret is empty.");

}


const computedSignature = "sha256=" + crypto.createHmac("sha256", twitchSigningSecret).update(messageId + timeStamp + buf).digist("hex");
console.log(`Message ${messageId} Computed Signature: `, computedSignature)

if (messageSignature !== computedSignature) {
  throw new Error("Invalid Signature.");
}else {
  
  console.log("Verification Successful");
}

}

module.exports = verifyTwitchSignature
John Yacoub
  • 91
  • 1
  • 8
  • The `app.use()` for the middleware needs to be done before the route handler. – cbr Apr 03 '21 at 21:00
  • Hi cbr! I had it on the top before all the routes but still not working, I specifically had it on the top of the route that needs to be check after! – John Yacoub Apr 03 '21 at 21:07

1 Answers1

1

I believe in your verifyTwitchSignature function you need to pass next as one of the parameters and in the else-statement when it passes call next();.

That is my observation.

If you are working with middleware you always have to pass next together with req and res. next is what calls the next middleware or function in the queue.

Johan Carlberger
  • 85
  • 1
  • 8
  • Hi Johan, Thank you! the issue the request never go through the middleware at first place before move the next function! I believe the issue is calling the callback function from the webhook to get the response and then the middleware will run , which I am not seeing! – John Yacoub Apr 03 '21 at 21:32