swop/github-webhook-middleware

PSR-7 style & PSR-15 compatible middleware which will verify if the incoming GitHub web hook request is correctly signed.

Github WebHook PSR-7 / PSR-15 middleware

, _(*1)

This library offers a PSR-7 style & PSR-15 middleware which will verify if the incoming GitHub web hook request is correctly signed., _(*2)

The provided PSR-7 request will have its X-Hub-Signature header checked in order to see if the request was originally performed by GitHub using the correct secret to sign the request., _(*3)

If the request signature validation fails, a 401 JSON response will be send back., _(*4)

Installation

The recommended way to install this library is through Composer:, _(*5)

composer require "swop/github-webhook-middleware"

Usage

Ex: PSR-7 style middleware using Zend Diactoros Server

```php <?php, <sub>(*6)</sub>

use Psr\Http\Message\RequestInterface; use Psr\Http\Message\ResponseInterface;, <sub>(*7)</sub>

use Swop\GitHubWebHook\Security\SignatureValidator; use Swop\GitHubWebHookMiddleware\GithubWebHook;, <sub>(*8)</sub>

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();, <sub>(*9)</sub>

$middleware = new GithubWebHook(new SignatureValidator(), 'my_secret');, <sub>(*10)</sub>

$next = function (RequestInterface $request, ResponseInterface $response) { // The security has been check. // Do some stuff with the web hook... return new \Zend\Diactoros\Response\JsonResponse(['status' => 'ok']); };, <sub>(*11)</sub>

$server = \Zend\Diactoros\Server::createServerFromRequest($middleware, $request);, <sub>(*12)</sub>

$server->listen($next);, <sub>(*13)</sub>

### Ex: PSR-15 middleware using Zend Stratigility

````php
<?php

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

use Zend\Stratigility\MiddlewarePipe;
use Zend\Stratigility\NoopFinalHandler;

use Zend\Diactoros\Server;
use Zend\Diactoros\Response\JsonResponse;

use Swop\GitHubWebHook\Security\SignatureValidator;
use Swop\GitHubWebHookMiddleware\GithubWebHook;

$app = (new MiddlewarePipe())
    ->pipe(new GithubWebHook(new SignatureValidator(), 'my_secret'))
    ->pipe('/', function (RequestInterface $request, ResponseInterface $response) {
        // The security has been check.
        // Do some stuff with the web hook...
        return new JsonResponse(['status' => 'OK']);
    });

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();

Server::createServerFromRequest($app, $request)
    ->listen(new NoopFinalHandler())
;

Contributing

See CONTRIBUTING file., <sub>(*14)</sub>

Original Credits

• Sylvain MAUDUIT (@Swop) as main author.

License

This library is released under the MIT license. See the complete license in the bundled LICENSE file., <sub>(*15)</sub>