Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
const crypto = require("crypto")
export function verifyGithubWebhook(payload: string, signature: string, secret: string) {
const hmac = crypto.createHmac("sha1", secret)
hmac.update(JSON.stringify(payload))
const calculatedSignature = "sha1=" + hmac.digest("hex")
const valid = crypto.timingSafeEqual(Buffer.from(calculatedSignature), Buffer.from(signature))
if (!valid) {
throw new Error("Invalid github webhook call")
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment