index.js
'use strict';
var crypto = require('crypto');
var typeOf = require('kind-of');
var compare = require('safe-compare');
var extend = require('extend-shallow');
var event = require('typeof-github-event');
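/**
 * Validates that the provided request is a valid GitHub webhook request
 * with a valid GitHub event and action.
 *
 * Checks run in order and stop at the first failure: the signature (only
 * when `secret` is truthy), then `options.event`, then `options.action`.
 *
 * Security notes:
 *
 * - Signature verification is skipped entirely when `secret` is falsy
 *   (`undefined`, `null`, `''`). A secret read from an unset environment
 *   variable therefore makes the check fail open; callers that require
 *   signed deliveries should confirm the secret is configured first.
 * - The HMAC is computed over `JSON.stringify(req.body)`, not over the raw
 *   bytes GitHub signed. A re-serialized body is not guaranteed to be
 *   byte-identical to what was sent, so authentic deliveries can be
 *   rejected. Verifying against the raw body captured before JSON parsing
 *   is the robust approach.
 * - Only the legacy SHA-1 `X-Hub-Signature` header is checked. GitHub also
 *   sends `X-Hub-Signature-256` (HMAC-SHA256), which this function ignores.
 *
 * ```js
 * // using an express middleware
 * express.post('/webhook', function(req, res) {
 *   if (!isValid(req, 'my-secret', {event: 'issues', action: 'opened'})) {
 *     res.status(500);
 *     res.send({message: 'Invalid request'});
 *     return;
 *   }
 *   res.status(200);
 *   res.send({message: 'Valid request'});
 * })
 * ```
 * @name isValid
 * @param {Object} `req` Instance of an HTTP Request object (usually from express, hapi, or koa). `req.body` must already be the parsed JSON payload.
 * @param {String} `secret` Optional secret used to sign the GitHub request. Leave this out to just check `event` or `action`
 * @param {Object} `options` Additional options for validating against `event` and `action`.
 * @param {String} `options.event` The GitHub event (or array of events) to validate against. See [typeof-github-event][] for more information.
 * @param {String} `options.action` The event action to validate against. See [GitHub API docs](https://developer.github.com/v3/activity/events/types/) for more information.
 * @return {Boolean} Returns `true` when valid and `false` when not. A missing signature header or missing body yields `false` rather than an exception.
 * @throws {TypeError} When `req` is `undefined`.
 * @api public
 */
module.exports = function(req, secret, options) {
  if (typeOf(req) === 'undefined') {
    throw new TypeError('expected first argument to be a request object');
  }

  // Support the `isValid(req, options)` call form, where no secret is given.
  if (typeOf(secret) === 'object') {
    options = secret;
    secret = null;
  }

  var opts = extend({}, options);
  var payload = req.body;
  var valid = true;

  if (secret) {
    var signature = req.headers ? req.headers['x-hub-signature'] : undefined;
    // NOTE(review): this re-serializes the parsed body; see the security
    // notes above about verifying against the raw request bytes instead.
    var serialized = JSON.stringify(payload, null, 0);

    if (typeof signature !== 'string' || typeof serialized !== 'string') {
      // No signature header, or no body to sign (JSON.stringify(undefined)
      // is `undefined`): reject instead of letting hmac.update() throw.
      valid = false;
    } else {
      var hmac = crypto.createHmac('sha1', secret)
        .update(serialized)
        .digest('hex');
      // `compare` is the constant-time comparison from `safe-compare`, so
      // the check does not leak how many leading characters matched.
      valid = compare(signature, 'sha1=' + hmac);
    }
  }

  if (valid === true && typeOf(opts.event) !== 'undefined') {
    // Accept a single event name or a list; any one match is enough.
    valid = arrayify(opts.event).some(function(name) {
      return Boolean(event.is(name, payload));
    });
  }

  if (valid === true && typeOf(opts.action) !== 'undefined') {
    // A missing body cannot match any action; avoid a TypeError on `.action`.
    valid = (payload != null && payload.action === opts.action);
  }

  return valid;
};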
/**
 * Normalizes a value to an array: falsy values become an empty array,
 * arrays are returned as-is, and anything else is wrapped in a
 * single-element array.
 *
 * @param {*} `val` Value to normalize.
 * @return {Array} The resulting array.
 */
function arrayify(val) {
  if (!val) {
    return [];
  }
  if (Array.isArray(val)) {
    return val;
  }
  return [val];
}