Public
Script
1
2
3
4
5
6
7
8
9
10
export const verifyGithubWebhookSignature = async (
secret: string,
payload: string,
signatureHeader: string,
) => {
const { verify } = await import(
"https://esm.sh/@octokit/webhooks-methods@3.0.2?pin=v106"
);
return await verify(secret, payload, signatureHeader) === true;
};
Val Town is a social website to write and deploy JavaScript.
Build APIs and schedule functions from your browser.
October 23, 2023
I would strongly recommend to rather inline this code to avoid passing the secret and complete payload to a val, which "records" them in the evaluation logs, which contain the arguments passed to the val. I created an alternative @karfau.SignatureCheck, which is properly tested (on valtown)