Webhook Signature validation fails

Are you using the body-parser for Express 4, configured to parse JSON POST requests? i.e:

const bodyParser = require('body-parser')
app.use(bodyParser.json());

Without that Express won’t parse the body of the POST request – which will result in the signature validation failing. The code you’ve provided works for me, too, when body-parser is included with the json parser chosen. you can try it here:

const express = require('express')
const app = express()
const crypto = require('crypto')
const bodyParser = require('body-parser')

app.use(bodyParser.text({type: '*/*'}));

app.post("/webhook", (request, response) => {
  const webhookSecret = 'secret';
  
  let hash = crypto.createHmac('md5', webhookSecret).update(request.body).digest('hex');
  let success = (request.header('x-patreon-signature') === hash);
  
  console.log('Signature received: ' + request.header('x-patreon-signature'));
  console.log('Signature generated: ' + hash);
  console.log('Signature validation status: ' + success);
    
  return response.status(success ? 200 : 400).json({result: success});
})

app.listen(process.env.PORT)

Edit: this code was updated on May 31st, 2018, to fix a bug: parsing the input as JSON and then turning it back into a string can cause some encoding issues which will cause signature verification to fail sometimes.