swop/github-webhook-middleware

PSR-7 style & PSR-15 compatible middleware which will verify if the incoming GitHub web hook request is correctly signed.

Maintainers

Details

github.com/Swop/github-webhook-middleware

Source

Issues

Installs: 35

Dependents: 2

Suggesters: 0

Security: 0

Stars: 1

Watchers: 2

Forks: 1

Open Issues: 0

v1.0 2016-11-22 02:36 UTC

Requires

Requires (Dev)

MIT e3252c7d5ebc3557e5f2804822ece8c33f10d35a

securitygithubmiddlewarewebhookpsr7

This package is not auto-updated.

Last update: 2024-05-06 13:17:53 UTC

README

Build Status

This library offers a PSR-7 style & PSR-15 middleware which will verify if the incoming GitHub web hook request is correctly signed.

The provided PSR-7 request will have its X-Hub-Signature header checked in order to see if the request was originally performed by GitHub using the correct secret to sign the request.

If the request signature validation fails, a 401 JSON response will be send back.

Installation

The recommended way to install this library is through Composer:

composer require "swop/github-webhook-middleware"

Usage

Ex: PSR-7 style middleware using Zend Diactoros Server

<?php

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

use Swop\GitHubWebHook\Security\SignatureValidator;
use Swop\GitHubWebHookMiddleware\GithubWebHook;

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();

$middleware = new GithubWebHook(new SignatureValidator(), 'my_secret');

$next = function (RequestInterface $request, ResponseInterface $response) {
    // The security has been check.
    // Do some stuff with the web hook...
    return new \Zend\Diactoros\Response\JsonResponse(['status' => 'ok']);
};

$server = \Zend\Diactoros\Server::createServerFromRequest($middleware, $request);

$server->listen($next);

Ex: PSR-15 middleware using Zend Stratigility

<?php

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

use Zend\Stratigility\MiddlewarePipe;
use Zend\Stratigility\NoopFinalHandler;

use Zend\Diactoros\Server;
use Zend\Diactoros\Response\JsonResponse;

use Swop\GitHubWebHook\Security\SignatureValidator;
use Swop\GitHubWebHookMiddleware\GithubWebHook;

$app = (new MiddlewarePipe())
    ->pipe(new GithubWebHook(new SignatureValidator(), 'my_secret'))
    ->pipe('/', function (RequestInterface $request, ResponseInterface $response) {
        // The security has been check.
        // Do some stuff with the web hook...
        return new JsonResponse(['status' => 'OK']);
    });

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();

Server::createServerFromRequest($app, $request)
    ->listen(new NoopFinalHandler())
;

Contributing

See CONTRIBUTING file.

Original Credits

License

This library is released under the MIT license. See the complete license in the bundled LICENSE file.