I need the raw request body to be able to SHA-1 digest it to validate the Facebook webhook X-Hub-Signature header that's passed along with the request to my Firebase Function (running on Google Cloud Functions).
The problem is that in cases like this (with a Content-Type: application/json header) GCF automatically parses the body using bodyParser.json() which consumes the data from the stream (meaning it cannot be consumed again down the Express middleware chain) and only provides the parsed javascript object as req.body. The raw request buffer is discarded.
I have tried to provide an Express app to functions.https.onRequest(), but that seems to be run as a child app or something with the request body already being parsed, just like when you pass a plain request-response callback to onRequest().
Is there any way to disable GCF from parsing the body for me? Or could I somehow specify my own verify callback to bodyParser.json()? Or is there some other way?
PS: I first contacted Firebase support about this a week ago, but for lack of a response there I'm trying it here now.
Now you can get the raw body from req.rawBody. It returns Buffer. See documentation for more details.
Thanks to Nobuhito Kurose for posting this in comments.