Skip to content

Instantly share code, notes, and snippets.

Created September 26, 2019 14:26
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
const crypto = require("crypto")
export function verifyGithubWebhook(payload: string, signature: string, secret: string) {
const hmac = crypto.createHmac("sha1", secret)
const calculatedSignature = "sha1=" + hmac.digest("hex")
const valid = crypto.timingSafeEqual(Buffer.from(calculatedSignature), Buffer.from(signature))
if (!valid) {
throw new Error("Invalid github webhook call")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment