githubWebhookWithVerify

Public

Script

import { email } from "https://esm.town/v/std/email?v=9";

import { githubPayloadStringToNormalizedJSON } from "https://esm.town/v/vtdocs/githubPayloadStringToNormalizedJSON";

import process from "node:process";

import { verifyGithubWebhookSignature } from "https://esm.town/v/vtdocs/verifyGithubWebhookSignature";

export const githubWebhookWithVerify = async (

req: express.Request,

res: express.Response,

) => {

const verified = await verifyGithubWebhookSignature(

process.env.githubWebhookToken,

githubPayloadStringToNormalizedJSON(req.body.payload),

req.get("X-Hub-Signature-256"),

);

if (!verified) {

return res.status(401);

}

const { action, sender, repository } = JSON.parse(req.body.payload);

if (action === "created") {

await email({

text: `Repository ${repository.full_name} starred by ${sender.login}`,

});

}

res.send(200);

};

Val Town is a social website to write and deploy JavaScript.

Build APIs and schedule functions from your browser.

Comments

There are some issues with this example:

@vtdocs.verifyGithubWebhookSignature has several issues, which is why I created @karfau.SignatureCheck (see there for more details)
it uses express which is not needed and makes things more complicated since we have the web api
in my webhook I found that @vtdocs.githubPayloadStringToNormalizedJSON is no longer needed and according to this issue JSON serializing might break the signature check

October 23, 2023