compwright/x-hub-signature

X-Hub-Signature webhook signing utility for PHP

Maintainers

Details

github.com/compwright/x-hub-signature-php

Source

Issues

Fund package maintenance!
compwright

Installs: 38

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

v1.0.0 2024-04-10 01:11 UTC

Requires (Dev)

MIT 0bc1591afc1df8f326fd52256ac333daf7b83e73

  • Jonathon Hill <jonathon.woop@compwright.com>

This package is auto-updated.

Last update: 2024-04-10 01:11:52 UTC

README

Sponsor on GitHub

X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.

Care has been taken to avoid security issues, including timing attacks.

Getting Started

To install:

composer require compwright/x-hub-signature

Usage

Sign a buffer containing a request body:

<?php

use Compwright\XHubSignature;
use InvalidArgumentException;

$signer = new XHubSignature\Sha256();

// Generate the signature header for an outbound webhook, i.e.
//
//   X-Hub-Signature-256: sha256=...
//
$headerName = $signer->getHeaderName();
$headerValue = $signer->sign($requestBody, $secret);
$signatureHeader = $headerName . ': ' . $headerValue;

// Verify an inbound webhook
$isValid = $signer->verify($signatureHeaderValue, $requestBody, $secret);
if ($isValid === false) {
    throw new InvalidArgumentException('Bad Request');
}

License

MIT License