GitHub Signature Validator
<?php
namespace App\WebhookClient\SignatureValidator;
use Illuminate\Http\Request;
use Illuminate\Validation\UnauthorizedException;
use Spatie\WebhookClient\SignatureValidator\SignatureValidator;
use Spatie\WebhookClient\WebhookConfig;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
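/**
 * Verifies the HMAC signature GitHub attaches to webhook deliveries.
 *
 * The header named by `webhooks.github.signature_header_name` is expected to
 * carry a value of the form `sha1=<hex digest>`, where the digest is the
 * HMAC-SHA1 of the raw request body keyed with the configured signing secret.
 */
class GitHubSignatureValidator implements SignatureValidator
{
    /**
     * Check the request's signature header against the raw body.
     *
     * @param Request       $request incoming webhook request
     * @param WebhookConfig $config  webhook configuration; only signingSecret is read
     *
     * @return bool true when the signature matches (or when not in production),
     *              false when no usable signing secret is configured
     *
     * @throws BadRequestHttpException when the header is missing or malformed
     * @throws UnauthorizedException   when the digest does not match
     */
    public function isValid(Request $request, WebhookConfig $config): bool
    {
        // NOTE(review): every request is accepted unsigned when isProduction()
        // (defined outside this file) is false. Any staging or preview
        // deployment reachable from the internet therefore processes forged
        // webhooks. Confirm this bypass is intended for those environments.
        if (! isProduction()) {
            return true;
        }

        $signature = $request->header(config('webhooks.github.signature_header_name'));
        $secret = $config->signingSecret;

        // A missing header, or a non-string value (for example when the
        // configured header name is unset), cannot be parsed below.
        if (! is_string($signature)) {
            throw new BadRequestHttpException('GitHub Webhook Header Not Set');
        }

        $signature_parts = explode('=', $signature);

        // Require exactly "<algorithm>=<digest>" and the algorithm this class
        // actually computes; the prefix was previously ignored.
        // GitHub also sends X-Hub-Signature-256 ("sha256=...") and recommends it;
        // moving to it means changing the header name and the algorithm together.
        if (2 !== count($signature_parts) || 'sha1' !== $signature_parts[0]) {
            throw new BadRequestHttpException('Invalid GitHub Webhook Format.');
        }

        // Fail closed without a secret: an HMAC keyed with an empty string can
        // be computed by anyone, so such a signature proves nothing.
        if (! is_string($secret) || '' === $secret) {
            return false;
        }

        // The digest is computed over the raw body, byte for byte as received.
        $known_signature = hash_hmac('sha1', $request->getContent(), $secret);

        // hash_equals compares in constant time; the known value goes first.
        if (! hash_equals($known_signature, $signature_parts[1])) {
            // The message echoes the caller-supplied digest, so anything that
            // logs or renders it should treat that part as untrusted input.
            throw new UnauthorizedException('Could not verify request signature ' . $signature_parts[1]);
        }

        return true;
    }
}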