Skip to content

Instantly share code, notes, and snippets.

@jugyo
Created September 26, 2019 14:26
Show Gist options
  • Save jugyo/3a5e4c5d14eb6f73501186c78b52eca2 to your computer and use it in GitHub Desktop.
Save jugyo/3a5e4c5d14eb6f73501186c78b52eca2 to your computer and use it in GitHub Desktop.
const crypto = require("crypto")
export function verifyGithubWebhook(payload: string, signature: string, secret: string) {
const hmac = crypto.createHmac("sha1", secret)
hmac.update(JSON.stringify(payload))
const calculatedSignature = "sha1=" + hmac.digest("hex")
const valid = crypto.timingSafeEqual(Buffer.from(calculatedSignature), Buffer.from(signature))
if (!valid) {
throw new Error("Invalid github webhook call")
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment