initial commit

Author: Leadbetter

.gitignore

@@ -0,0 +1,116 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

README.md

@@ -0,0 +1,50 @@
+# Sample Code for Twitch EventSub Webhooks using NodeJS
+
+The purpose of this sample is to provide guidance on how to start using Twitch's new webhooks that are a part of [EventSub](https://dev.twitch.tv/docs/eventsub). The sample is built in NodeJS using the Express.js framework.
+
+**This sample will cover**
+
+1. Webhook Subscription creation
+2. Signature Verification
+3. Handling the callback verification challenge
+4. Handling webhook event data
+
+## How to Use
+### Installation
+Run `npm install` to install the proyect's dependencies.
+
+### Setting an https endpoint
+All callback URLs set for Twitch's webhook notifications need to support https. To facilitate developmemnt in a local environment we recommend setting up an ngrok tunnel. Follow [this link](https://ngrok.com/download) and download the latest version for your OS.
+
+Once you have ngrok installed run `./ngrok http 3000` to start a tunnel.
+
+### Set .env file
+Create a .env file with the following variables
+
+```
+TWITCH_CLIENT_ID=
+TWITCH_ACCESS_TOKEN=
+NGROK_TUNNEL_URL=
+```
+Set the above values accordingly based on your Twitch app and the ngrok tunnel created in the previous step.
+
+### Start the Server
+run `npm start` to run the sample.
+
+
+## Webhook Subscription Creation
+Once the server is up and running you can send a POST to `http://localhost:3000/createWebhook/<twitchID>` to create a new *channel.follow* webhook. 
+
+You can modify the *createWebHookBody* payload in the index.js to try out other webhooks as well.
+
+In order to create a new webhook subscription you'll need to send a POST request to the https://api.twitch.tv/helix/eventsub/subscriptions endpoint.
+
+Once the subscription is created you should expect an almost immediate call to you callback URL with a challenge that will be logged into the console and echoed back to Twitch for the process to be completed.
+
+## Signature Verification
+Everytime you callback is reached by Twitch we will include a sha256 signature encrypted with the secret you provided during subscription creation. Signature verification is done by crafting the same message that is encrypted on Twitch's side; signing the crafted message with the shared secret; and comparing if the messages match.
+
+We are covering this step in the `verifySignature` function in the index.js file.
+
+## Handling Notifications
+The `app.post('/notification',...)` function will handle all notifications sent to your callback URL. It will reply to Twitch with the proper responses to complete the webhook flows succesfuly plus logging payloads to the console.

index.js

@@ -0,0 +1,89 @@
+require('dotenv').config()
+const express = require('express')
+const bodyParser = require('body-parser')
+const app = express()
+app.use(bodyParser.json({
+    verify: (req, res, buf) => {
+        // Small modification to the JSON bodyParser to expose the raw body in the request object
+        // The raw body is required at signature verification
+        req.rawBody = buf
+    }
+}))
+const https = require('https')
+const crypto = require('crypto')
+
+const port = 3000 // Set the express server's port to the corresponding port of your ngrok tunnel
+
+let clientId = process.env['TWITCH_CLIENT_ID']
+let authToken = process.env['TWITCH_ACCESS_TOKEN']
+let ngrokUrl = process.env['NGROK_TUNNEL_URL']
+
+app.post('/createWebhook/:broadcasterId', (req, res) => {
+    var createWebHookParams = {
+        host: "api.twitch.tv",
+        path: "helix/eventsub/subscriptions",
+        method: 'POST',
+        headers: {
+            "Content-Type": "application/json",
+            "Client-ID": clientId,
+            "Authorization": "Bearer "+ authToken
+        }
+    }
+    var createWebHookBody = {
+        "type": "channel.follow",
+        "version": "1",
+        "condition": {
+            "broadcaster_user_id": req.params.broadcasterId
+        },
+        "transport": {
+            "method": "webhook",
+            // For testing purposes you can use an ngrok https tunnel as your callback URL
+            "callback": ngrokUrl+"/notification", // If you change the /notification path make sure to also adjust in line 69
+            "secret": "keepItSecretKeepItSafe" // Replace with your own secret
+        }
+    }
+    var responseData = ""
+    var webhookReq = https.request(createWebHookParams, (result) => {
+        result.setEncoding('utf8')
+        result.on('data', function(d) {
+                responseData = responseData + d
+            })
+            .on('end', function(result) {
+                var responseBody = JSON.parse(responseData)
+                res.send(responseBody)
+            })
+    })
+    webhookReq.on('error', (e) => { console.log("Error") })
+    webhookReq.write(JSON.stringify(createWebHookBody))
+    webhookReq.end()
+})
+
+function verifySignature(messageSignature, messageID, messageTimestamp, body) {
+    let message = messageID + messageTimestamp + body
+    let signature = crypto.createHmac('sha256', "keepItSecretKeepItSafe").update(message) // Remember to use the same secret set at creation
+    let expectedSignatureHeader = "sha256=" + signature.digest("hex")
+
+    return expectedSignatureHeader === messageSignature
+}
+
+app.post('/notification', (req, res) => {
+    if (!verifySignature(req.header("Twitch-Eventsub-Message-Signature"),
+            req.header("Twitch-Eventsub-Message-Id"),
+            req.header("Twitch-Eventsub-Message-Timestamp"),
+            req.rawBody)) {
+        res.status(403).send("Forbidden") // Reject requests with invalid signatures
+    } else {
+        if (req.header("Twitch-Eventsub-Message-Type") === "webhook_callback_verification") {
+            console.log(req.body.challenge)
+            res.send(req.body.challenge) // Returning a 200 status with the received challenge to complete webhook creation flow
+
+        } else if (req.header("Twitch-Eventsub-Message-Type") === "notification") {
+            console.log(req.body.event) // Implement your own use case with the event data at this block
+            res.send("") // Default .send is a 200 status
+        }
+    }
+})
+
+app.listen(port, () => {
+    console.log(`Twitch Webhook Example listening at http://localhost:${port}`)
+})

package.json

@@ -0,0 +1,15 @@
+{
+  "name": "webhooks_sample",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "dotenv": "^8.2.0",
+    "express": "^4.17.1"
+  }
+}