Parse signed request from Facebook cookie, and exchange code to access token

signed_request.js

var request = require('request-promise');
var crypto = require('crypto');
var config = {...};

function getAccessToken(cookies) {
    var cookieName = 'fbsr_' + config.client_id;
    var signedRequest = cookies[cookieName];
    var code = getCode(signedRequest);
    return exchangeCodeForAccessToken(code);
};

function parseSignedRequest(signedRequest, secret) {
    signedRequest = signedRequest.split('.');
    var encodedSig = signedRequest[0];
    var payload = signedRequest[1];
    var data = JSON.parse(new Buffer(payload, 'base64').toString());

    if (data.algorithm.toUpperCase() !== 'HMAC-SHA256') {
        return null;
    }

    var hmac = crypto.createHmac('sha256', secret);
    var encodedPayload = hmac.update(payload)
        .digest('base64')
        .replace(/\//g, '_').replace(/\+/g, '-')
        .replace(/={1,2}$/, '');

    if (encodedSig !== encodedPayload) {
        return null;
    }

    return data;
}

function getCode(signedRequest) {
    var payload = parseSignedRequest(signedRequest, config.client_secret);
    return payload.code;
}

function exchangeCodeForAccessToken(code) {
    var url = 'https://graph.facebook.com/v2.3/oauth/access_token' +
        '?client_id=' + config.client_id +
        '&redirect_uri=' +
        '&client_secret=' + config.client_secret +
        '&code=' + code;

    return request({
        url: url,
        json: true,
        gzip: true
    }).then(function(response) {
        return response.access_token;
    });
}