To throw another example solution at it:
const crypto = require('crypto')
var secret = 'WIBBLEWOBBLE';
const bodyParser = require('body-parser');
// http://stackoverflow.com/questions/18710225/node-js-get-raw-request-body-using-express
app.use(bodyParser.json({
verify: function(req, res, buf, encoding) {
// is there a hub to verify against
req.twitch_hub = false;
if (req.headers && req.headers['x-hub-signature']) {
req.twitch_hub = true;
var xHub = req.headers['x-hub-signature'].split('=');
req.twitch_hex = crypto.createHmac(xHub[0], secret)
.update(buf)
.digest('hex');
req.twitch_signature = xHub[1];
}
}
}));
app.post('/webhook/', function(req, res) {
console.log('Incoming POST for');
if (req.twitch_hub && req.twitch_hex === req.twitch_signature) {
res.send('OK');
// do something with req.body which is an object
} else {
// WHY YOU POSTING WILLIS?
res.send('Pisseth off');// nier
}
});
Bit more error/checking toleratant if “not twitch” starts POSTing at you.