swop / github-webhook-stackphp
Stack middleware which will verify if the incoming GitHub web hook request is correctly signed.
v1.1
2016-11-10 23:35 UTC
Requires
- php: >=5.3.3
- stack/builder: ^1.0
- symfony/http-foundation: ^2.1|^3.0
- symfony/http-kernel: ^2.1|^3.0
Requires (Dev)
- phpunit/phpunit: ^4.5.0
This package is not auto-updated.
Last update: 2024-12-16 16:35:50 UTC
README
Stack middleware to restrict application access to GitHub Event bot with signed payload.
Every incoming request will see its X-Hub-Signature
header checked in order to validate that the request was originally performed by GitHub.
Any requests which doesn't have correct signature will lead to a 401 Unauthorized
JSON response.
Installation
The recommended way to install this library is through Composer:
composer require "swop/github-webhook-stackphp"
Usage
Silex example
require __DIR__ . '/../vendor/autoload.php'; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; $app = new \Silex\Application(); $app->get('/', function(Request $request) { return new Response('Hello world!', 200); }); $app = (new \Stack\Builder()) ->push('Swop\GitHubWebHookStackPHP\GitHubWebHook', 'my_secret') ->resolve($app) ; $request = Request::createFromGlobals(); $response = $app->handle($request)->send(); $app->terminate($request, $response);
Symfony example
# web/app_dev.php use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Debug\Debug; $loader = require_once __DIR__.'/../app/bootstrap.php.cache'; Debug::enable(); require_once __DIR__.'/../app/AppKernel.php'; $kernel = new AppKernel('dev', true); $kernel->loadClassCache(); $stack = (new Stack\Builder()) ->push('Swop\GitHubWebHookStackPHP\GitHubWebHook', 'my_secret') ; $kernel = $stack->resolve($kernel); Request::enableHttpMethodParameterOverride(); $request = Request::createFromGlobals(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
Contributing
See CONTRIBUTING file.
Original Credits
- Sylvain MAUDUIT (@Swop) as main author.
License
This library is released under the MIT license. See the complete license in the bundled LICENSE file.