node.jsgithubwebhookshmaccryptojs
trying to mock github webhook request, get: "X-Hub-Signature does not match blob signature"
Here is a little proxy server setup to handle github webhooks:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
In postman, I have these headers set:
The raw body is here: https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
Here is my pre-request script:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
I can confirm that the GIT_WEBHOOK_SECRET in .env is the same as what is set in secret in my Postman environment settings.
Solution
You need to set content of X-Hub-Signature as parameters with sha1 field :
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
From validating payloads from Github :
No matter which implementation you use, the hash signature starts with sha1=, using the key of your secret token and your payload body.
- Can't connect to nodejs server
- SQL syntax error when trying to create a new table using TypeORM
- How to bulk insert into SQL using MySQL2?
- Class validator: Use class member as decorator argument
- Using next() and res.send .Cannot set headers after they are sent to the client. Error [ERR_HTTP_HEADERS_SENT]:
- How to mock a import?
- Error: querySrv ENOTFOUND _mongodb._tcp.dbname.fzofb.mongodb.net
- Why does Sequelize pluralize / singularize names of anything all? And how to stop that completely?
- npm ERR! network getaddrinfo ENOTFOUND
- What is the proper way to "patch" a node_modules module?
- NextJS server side development behind corporate proxy
- Issue installing better-sqlite3 on Mac
- How to access the request body when POSTing using Node.js and Express?
- How do I fix "garbage" at the head of my AES decrypted ciphertext?
- How to extend TypeORM repository in NestJS 9 (TypeORM 3.+)
- How to have aliases with nodejs import
- How to run TypeScript files from command line?
- Typeorm queryBuilder select only a specific key value of a JSONB type column
- Why `[1, 2, 3]` is not showing as an `Array(3)` in Console?
- express-validator to validate parameter which is an array
- SyntaxError: Cannot use import statement outside a module - Firebase with NodeJS
- Error: Unable to determine the current character, it is not a string, number, array, or object in react-native for android
- I am getting these error everytime I try to run the react and node based code in my system , tried "reinstalling npm install" and everything
- Proper way to update PM2 after updating Node.js
- Convert string to buffer Node
- email address missing from permissions list using google drive api
- ReactJS vs NodeJS - Why do I need to create both?
- How to pass client req object from node server to an Express route via an axios request?
- How do I pass a variable into regex with Node js?
- Can NPM ignore platform-specific packages in lockfiles (eg, linux, darwin, etc)