const validate = function()

in server-examples/nodejs-backend/matches.js [182:209]


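  /**
   * Verifies the HMAC-SHA256 signature of a signed request.
   *
   * The request is expected to look like `<base64url signature>.<payload>`.
   * The signature is decoded and compared with an HMAC-SHA256 of the payload
   * keyed with `process.env.APP_SECRET`. Every failure path returns false, so
   * a malformed request or a missing secret is rejected rather than accepted.
   *
   * For local testing with the FBInstant mock SDK, set
   * USE_SECURE_COMMUNICATION=false in the .env file to skip validation.
   * The bypass is refused when NODE_ENV is 'production'.
   *
   * @param {string} signedRequest - Signature and payload joined by a '.'.
   * @returns {boolean} true when the signature matches (or the local-testing
   *   bypass is active), false otherwise.
   */
  const validate = function (signedRequest) {
    // Environment variables are always strings, so the flag has to be compared
    // with the string 'false'; a comparison with the boolean never matches.
    if (process.env.USE_SECURE_COMMUNICATION === 'false') {
      if (process.env.NODE_ENV === 'production') {
        // An authentication bypass must not be reachable on a live deployment.
        console.log('Ignoring USE_SECURE_COMMUNICATION=false in production');
      } else {
        console.log('Not validating signature');
        return true;
      }
    }

    // Without a secret there is nothing to verify against: fail closed.
    const secret = process.env.APP_SECRET;
    if (typeof secret !== 'string' || secret.length === 0) {
      console.log('APP_SECRET is not set; rejecting request');
      return false;
    }

    if (typeof signedRequest !== 'string') {
      return false;
    }
    const [encodedSignature, payload] = signedRequest.split('.');
    if (!encodedSignature || !payload) {
      return false;
    }

    try {
      // base64url -> base64 before decoding.
      const base64 = encodedSignature.replace(/-/g, '+').replace(/_/g, '/');
      // NOTE(review): `crypto` is presumably crypto-js, whose toString()
      // yields hex by default; confirm against the file's imports.
      const signature = crypto.enc.Base64.parse(base64).toString();
      const expected = crypto.HmacSHA256(payload, secret).toString();

      // Compare without an early exit so the time taken does not reveal how
      // many leading characters of the MAC were correct.
      let diff = signature.length ^ expected.length;
      for (let i = 0; i < expected.length; i += 1) {
        diff |= signature.charCodeAt(i) ^ expected.charCodeAt(i);
      }

      const isValid = diff === 0;
      if (!isValid) {
        // Do not log the expected MAC: it is a valid signature for this
        // payload and would let anyone who can read the logs replay it.
        console.log('Invalid signature');
      }

      return isValid;
    } catch (e) {
      // Undecodable input is treated as an invalid signature.
      return false;
    }
  };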