在 Node.js(Express)Facebook 画布应用程序中获取signed_request

Get signed_request in Node.js (Express) Facebook canvas app

本文关键字:应用程序 获取 signed request js Node Express Facebook      更新时间:2023-09-26

有没有办法在Node.js Facebook页面标签应用程序中获取和解析signed_request?我需要知道页面 ID 以及用户是否喜欢该页面...

我不久前做了这个,最终写了一个小库来做到这一点。原始的CoffeeScript可以在 https://gist.github.com/fbef51815ab6f062b51a#file_signed_request.coffee 找到,这是一个JavaScript翻译:

var crypto = require('crypto');
SignedRequest = (function() {
  function SignedRequest(secret, request) {
    this.secret = secret;
    this.request = request;
    this.verify = this.verify.bind(this);
    var parts = this.request.split('.');
    this.encodedSignature = parts[0];
    this.encoded = parts[1];
    this.signature = this.base64decode(this.encodedSignature);
    this.decoded = this.base64decode(this.encoded);
    this.data = JSON.parse(this.decoded);
  }
  SignedRequest.prototype.verify = function() {
    if (this.data.algorithm !== 'HMAC-SHA256') {
      return false;
    }
    var hmac = crypto.createHmac('SHA256', this.secret);
    hmac.update(this.encoded);
    var result = hmac.digest('base64').replace(/'//g, '_').replace(/'+/g, '-').replace(/'=/g, '');
    return result === this.encodedSignature;
  };
  SignedRequest.prototype.base64encode = function(data) {
    return new Buffer(data, 'utf8').toString('base64').replace(/'//g, '_').replace(/'+/g, '-').replace(/'=/g, '');
  };
  SignedRequest.prototype.base64decode = function(data) {
    while (data.length % 4 !== 0) {
      data += '=';
    }
    data = data.replace(/-/g, '+').replace(/_/g, '/');
    return new Buffer(data, 'base64').toString('utf-8');
  };
  return SignedRequest;
})();
module.exports = SignedRequest;

你可以像这样使用:

var verifier = new SignedRequest(clientSecret, signedRequest);
verifier.verify() // whether or not the signed request verifies
verifier.data // the data from the signed request
相关文章: