node.js - GitHub Webhook Secret Never Validates -

-

i'm using github webhook pipe events application of mine (an instance of github's hubot) , secured sha1 secret.

i'm using following code validate hashes on incoming webhooks

crypto    = require('crypto') signature = "sha1=" + crypto.createhmac('sha1', process.env.hubot_github_secret).update( new buffer request.body ).digest('hex') unless request.headers['x-hub-signature'] signature   response.send "signature not valid"   return

the x-hub-signature header passed through in webhook looks this

x-hub-signature: sha1=1cffc5d4c77a3f696ecd9c19dbc2575d22ffebd4

i passing in key , data accurately per github's documentation, hash ends different.

here github's documentation. https://developer.github.com/v3/repos/hooks/#example

and section misinterpreting

secret: optional string that’s passed http requests x-hub-signature header. value of header computed hmac hex digest of body, using secret key.

can see i'm going wrong?

seems not work buffer, json.stringify(); here's working code:

var   hmac,   calculatedsignature,   payload = req.body;  hmac = crypto.createhmac('sha1', config.github.secret); hmac.update(json.stringify(payload)); calculatedsignature = 'sha1=' + hmac.digest('hex');  if (req.headers['x-hub-signature'] === calculatedsignature) {   console.log('all good'); } else {   console.log('not good'); }

Comments

Post a Comment

Popular posts from this blog

javascript - how to protect a flash video from refresh? -

-
<!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>flash video refresh</title> </head> <body> <div id="playerzone"><embed height="496" width="580" flashvars="flvid=19742822&amp;createtime=2012-4-19 13:46:33" wmode="opaque" allowscriptaccess="always" allowfullscreen="true" quality="high" bgcolor="#000000" name="player" id="player" src="swf/mine.swf" type="application/x-shockwave-flash"></div> <a onclick="return test();" id="test">click me popup div,and hide scrollbar</a> </body> the code upon: for example,when click a#test button,popup div,it's no problem,but want hide scrollbar while div popup. i used $('html').css('overflow','hidden') in...
Read more

visual studio 2010 - Connect to informix database windows form application -

-
i trying figure out how connect ibm informix database. have been doing research , have found threads 5 years ago examples not working. i have installed latest sdk ibm informix. i have included ibm.data.informix.dll references in project. i have included using ibm.data.informix; i adding button , on click testing conenction. debug error "sql0035n file "c:\users\adam\documents\visual studio 2010\projects\test\test\msg\en_us\db2nmp.xml" cannot opened." this file not exist , dont see anywhere in program files (x86)\ibm informix client sdk directory. my on click code is private void button1_click(object sender, eventargs e) { const string host = "192.168.obfuscated"; const string servicenum = "1525"; //port? const string server = "serverobfuscated"; const string database = "dbobfuscatedy"; const string user = "myusername"; const string password = ...
Read more

android - Associate same looper with different threads -

-
Image
in application, want create multiple threads working on single queue. create queue know need call looper.prepare() . i want other threads create should associated looper created first thread, how can achieve this? use 1 of java thread safe queue class java.util.concurrent package instead of looper achieve goal. it's more common practice. share queue between threads , post task queue entry 1 thread can entry thread. blockingqueue can - in 1 thread call take() , block thread until thread put() entry queue. that's all. producer consumer pattern example blockingqueue or concurrentlinkedqueue about blockingqueue
Read more