HMAC Middleware

• You could optimize the authHeader variables to check if it exists using lexical and then do the split.
• You need to check if the authHeader splitted length is === 2.
• You didn't have to create a const of function returning function and then export it. Instead, you could just export the inside function as the default export.
• Use return next(); for the last callback function or the process will still continued even if you already called next();

  const validator = require('validator'),
  crypto = require('crypto'),
  data = require('../database.js'),
  error = require('../utils/error.js')


module.exports = function(req, res, next) {
  let authHeader = req.headers.authorization && req.headers.authorization.split(':')
  if(!authHeader || authHeader.length !== 2) {
    return res.json(error.INVALID_AUTH_HEADER)
  }

  const user = authHeader[0]
  const userProvidedDigest = authHeader[1]

  if(!validator.isAlphanumeric(user)) {
    return res.json(error.INVALID_USER)
  }

  data.findOne({ user: user }, function processResults(err, docs) {
    if(err) {
      req.log.error(err)

      return res.json(error.AN_ERROR_OCCURRED)
    }

    if(docs === null) {
      return res.json(error.USER_NOT_FOUND)
    }

    const date = new Date()
    const formattedDate = date.getUTCFullYear().toString() + date.getUTCMonth().toString() + date.getUTCDate().toString() + date.getUTCHours().toString() + date.getUTCMinutes().toString()

    const serverGeneratedDigest = crypto.createHmac('sha256', docs.secretkey).update(formattedDate + req.method + req.url).digest('hex').toString('utf8')

    if(userProvidedDigest !== serverGeneratedDigest) {
      return res.json(error.INVALID_DIGEST)
    }

    return next()
  })
}