swop / github-webhook-middleware
PSR-7 style & PSR-15 compatible middleware which will verify if the incoming GitHub web hook request is correctly signed.
Requires
- php: >=5.4
- http-interop/http-middleware: ^0.2.1
- psr/http-message: ^1.0
- swop/github-webhook: ^2.0
- zendframework/zend-diactoros: ^1.3
Requires (Dev)
- phpunit/phpunit: ^4.5.0
This package is not auto-updated.
Last update: 2024-12-16 16:40:58 UTC
README
This library offers a PSR-7 style & PSR-15 middleware which will verify if the incoming GitHub web hook request is correctly signed.
The provided PSR-7 request will have its X-Hub-Signature
header checked in order to see if the request was originally performed by GitHub using the correct secret to sign the request.
If the request signature validation fails, a 401
JSON response will be send back.
Installation
The recommended way to install this library is through Composer:
composer require "swop/github-webhook-middleware"
Usage
Ex: PSR-7 style middleware using Zend Diactoros Server
<?php use Psr\Http\Message\RequestInterface; use Psr\Http\Message\ResponseInterface; use Swop\GitHubWebHook\Security\SignatureValidator; use Swop\GitHubWebHookMiddleware\GithubWebHook; $request = \Zend\Diactoros\ServerRequestFactory::fromGlobals(); $middleware = new GithubWebHook(new SignatureValidator(), 'my_secret'); $next = function (RequestInterface $request, ResponseInterface $response) { // The security has been check. // Do some stuff with the web hook... return new \Zend\Diactoros\Response\JsonResponse(['status' => 'ok']); }; $server = \Zend\Diactoros\Server::createServerFromRequest($middleware, $request); $server->listen($next);
Ex: PSR-15 middleware using Zend Stratigility
<?php use Psr\Http\Message\RequestInterface; use Psr\Http\Message\ResponseInterface; use Zend\Stratigility\MiddlewarePipe; use Zend\Stratigility\NoopFinalHandler; use Zend\Diactoros\Server; use Zend\Diactoros\Response\JsonResponse; use Swop\GitHubWebHook\Security\SignatureValidator; use Swop\GitHubWebHookMiddleware\GithubWebHook; $app = (new MiddlewarePipe()) ->pipe(new GithubWebHook(new SignatureValidator(), 'my_secret')) ->pipe('/', function (RequestInterface $request, ResponseInterface $response) { // The security has been check. // Do some stuff with the web hook... return new JsonResponse(['status' => 'OK']); }); $request = \Zend\Diactoros\ServerRequestFactory::fromGlobals(); Server::createServerFromRequest($app, $request) ->listen(new NoopFinalHandler()) ;
Contributing
See CONTRIBUTING file.
Original Credits
- Sylvain MAUDUIT (@Swop) as main author.
License
This library is released under the MIT license. See the complete license in the bundled LICENSE file.