swop/github-webhook-stackphp

Stack middleware which will verify if the incoming GitHub web hook request is correctly signed.

v1.1 2016-11-10 23:35 UTC

This package is not auto-updated.

Last update: 2024-11-18 16:06:55 UTC


README

Build Status

Stack middleware to restrict application access to GitHub Event bot with signed payload.

Every incoming request will see its X-Hub-Signature header checked in order to validate that the request was originally performed by GitHub. Any requests which doesn't have correct signature will lead to a 401 Unauthorized JSON response.

Installation

The recommended way to install this library is through Composer:

composer require "swop/github-webhook-stackphp"

Usage

Silex example

require __DIR__ . '/../vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

$app = new \Silex\Application();

$app->get('/', function(Request $request) {
    return new Response('Hello world!', 200);
});

$app = (new \Stack\Builder())
    ->push('Swop\GitHubWebHookStackPHP\GitHubWebHook', 'my_secret')
    ->resolve($app)
;

$request = Request::createFromGlobals();
$response = $app->handle($request)->send();

$app->terminate($request, $response);

Symfony example

# web/app_dev.php

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Debug\Debug;

$loader = require_once __DIR__.'/../app/bootstrap.php.cache';
Debug::enable();

require_once __DIR__.'/../app/AppKernel.php';

$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();

$stack = (new Stack\Builder())
    ->push('Swop\GitHubWebHookStackPHP\GitHubWebHook', 'my_secret')
;

$kernel = $stack->resolve($kernel);

Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

Contributing

See CONTRIBUTING file.

Original Credits

License

This library is released under the MIT license. See the complete license in the bundled LICENSE file.