Access to raw request body

badboy 2017-07-10 02:25:52 UTC #1

Hey guys, so I am making a Facebook messenger bot using the serverless framework (aws lambda). I would like to verify that the requests are coming from Facebook. Luckily, Facebook sends a hash of the request body with each request which I can use to verify, however, the hash they send along is a hash of the raw request body. I need to access the raw request body in order to generate my own hash and see if they match. Does anybody know how I can get that raw request? Thanks. Happy to provide more details if necessary.

buggy 2017-07-10 06:58:06 UTC #2

If you're using Lambda Proxy integration (the default) then you can use event.body to access it.

badboy 2017-07-12 05:23:30 UTC #3

Ok I see @buggy thanks. For some reason, sometimes the hashes match and other times they do not depending on what sort of data is in the request. Would you have any idea why that is? Here is my code for hash matching:

if (event['headers']['X-Hub-Signature']) {
    var sha     = event['headers']['X-Hub-Signature']
    var body    = event.body
    return sha == `sha1=${crypto.createHmac('sha1', config.APP_SECRET).update(body).digest('hex')}`;
}