Skip to content

Instantly share code, notes, and snippets.

@dcollien

dcollien/GitHub_WebHook.coffee

Last active April 7, 2021 23:23
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save dcollien/c5d86c968cbc85e88286 to your computer and use it in GitHub Desktop.
Save dcollien/c5d86c968cbc85e88286 to your computer and use it in GitHub Desktop.
Download ZIP
GitHub WebHook Endpoint in CoffeeScript
Raw
GitHub_WebHook.coffee
# Simple GitHub Webhook Listener
express = require 'express'
bodyParser = require 'body-parser'
crypto = require 'crypto'
bufPack = require 'bufferpack'
app = express()
PORT = process.argv[2] or process.env.PORT or 8081
AUTH_SECRET = process.argv[3] or process.env.SECRET_TOKEN or 'test'
# Process Hook
hooks = (ghEvent, data) ->
console.log 'TODO: Process Event:', ghEvent, data
# Sign a payload
getSignature = (payload) ->
hmac = crypto.createHmac 'sha1', AUTH_SECRET
hmac.update payload
return 'sha1=' + hmac.digest('hex')
# Constant-Time Comparison Function (to avoid timing attacks)
secureCompare = (a, b) ->
bufA = new Buffer a
bufB = new Buffer b
return false if a is '' or b is '' or bufA.length isnt bufB.length
result = 0
l = bufPack.unpack bufA.length + 'B', bufA
result |= byte ^ l.shift() for byte in bufB
return (result is 0)
# JSON Parsing & Authentication Middleware
app.use bodyParser.json
verify: (req, res, buf) ->
signature = req.headers['x-hub-signature']
if not secureCompare (getSignature buf), signature
res.status 401
res.send 'FAIL: Unauthorized'
throw {'message': 'Unauthorized'}
# GitHub webhook request handler
app.post '/webhook', (req, res) ->
res.send 'OK\n'
hooks req.headers['x-github-event'], req.body
# Start the Server
app.listen PORT, -> console.log 'listening on *:' + PORT
# Test with: `ngrok 8081`
@nutzaza55255
Copy link

....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment