Last active
April 9, 2016 19:00
-
-
Save z2s8/edee650329de288a4da4 to your computer and use it in GitHub Desktop.
verify github webhook with Crystal-lang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# based on developer.github.com/webhooks/securing | |
require "openssl" | |
require "openssl/hmac" | |
# constant time string comparison between fixed length strings | |
# forked from github.com/rack/rack, modified to work with crystal | |
def secure_compare(a, b) | |
return false unless a.bytesize == b.bytesize | |
l = a.bytes | |
r, i = 0, -1 | |
b.each_byte { |v| r |= v ^ l[i += 1] } | |
r == 0 | |
end | |
def verify_signature(payload_body) | |
signature = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, "ENV['SECRET_TOKEN']", payload_body) | |
return "Signatures didn't match!" unless secure_compare(signature, ".env['HTTP_X_HUB_SIGNATURE']") | |
return "GOOD" | |
end | |
puts verify_signature("'asd'") | |
puts secure_compare("asd", "agd") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment