Neoanthropic Preternatural Murmurings

    verify-github-webhook-secret
    TypeScript icon, indicating that this package has built-in type declarations

    2.0.8 • Public • Published

    verify-github-webhook-secret

    GitHub Actions status codecov semantic-release

    Verifies the secret that is sent in GitHub Webhooks. The secret will be used as the key to generate the HMAC hex digest value in the X-Hub-Signature header.

    Installation 🏗

    $ npm install --save verify-github-webhook-secret

    or if you use Yarn 🐈

    $ yarn add verify-github-webhook-secret

    Usage 🔨

    The exported function needs a http.IncomingMessage and your personal secret string. It returns a Promise that fulfills with a boolean if the received secret is valid or not.

    You can use it for example with micro as follows:

    import micro from "micro";
    import { verifySecret } from "verify-github-webhook-secret";
    
    const server = micro(async (req) => {
    	const valid = await verifySecret(req, "my-secret");
    	return valid ? "Allowed" : "Not allowed";
    });

    Another way to call the function is directly with the HTTP body and the x-hub-signature HTTP header. This is useful in an scenario where you don't have an IncomingMessage like in some serverless environments.

    import { verifySecret } from "verify-github-webhook-secret";
    
    async function myFunc() {
    	const valid = await verifySecret('{"foo":"bar"}', "my-secret", "sha1=30a233839fe2ddd9233c49fd593e8f1aec68f553");
    	return valid ? "Allowed" : "Not allowed";
    }

    Install

    npm i verify-github-webhook-secret

    DownloadsWeekly Downloads

    16

    Version

    2.0.8

    License

    MIT

    Unpacked Size

    7.66 kB

    Total Files

    9

    Last publish

    Collaborators

    • screendriver