marcdel
Validating webhook payloads from GitHub
I’m trying to validate github webhooks with a secret. The example documentation is in Ruby and I’m trying to figure out the corresponding Elixir. So far I have not been successful, but I’m not sure if it’s the decoding bit that’s wrong or if I’m using the wrong thing for the body.
My attempt:
def create(conn, params) do
[event_id] = get_req_header(conn, "x-github-delivery")
[event_name] = get_req_header(conn, "x-github-event")
verify_signature(conn)
json(conn, %{success: true, message: "event received"})
end
def verify_signature(conn) do
secret = "super secret"
[signature] = get_req_header(conn, "x-hub-signature")
body = inspect(Plug.Conn.read_body(conn))
# {:ok, body, _conn} = Plug.Conn.read_body(conn)
expected_signature =
:crypto.hmac(:sha, secret, body)
|> Base.encode16
|> String.downcase()
|> fn sig -> "sha1=" <> sig end.()
unless Plug.Crypto.secure_compare(expected_signature, signature), do: raise "signature didn't match"
end
Ruby:
post '/payload' do
request.body.rewind
payload_body = request.body.read
verify_signature(payload_body)
push = JSON.parse(params[:payload])
"I got some JSON: #{push.inspect}"
end
def verify_signature(payload_body)
signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
end
Marked As Solved
maartenvanvliet
Might want to have a look at gh_webhook_plug | Hex and gh_webhook_plug/lib/gh_webhook_plug.ex at master · emilsoman/gh_webhook_plug · GitHub
in particular.
Also note that you need to call this plug before Plug.Parsers is called.
3
Also Liked
marcdel
Ooooooh, that totally makes sense. I realized I must be getting to the body too late because it was already an elixir map, but didn’t really put two and two together. I’ll give that a shot tomorrow, thank you!
1
Popular in Questions
Is there a way to get the call stack or stack trace at any point in the code? Not from exceptions, but an expression that returns how the...
New
Hello all!
I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
In templates/appointment/index.html.eex:
<%= for appointment <- @appointments do %>
<tr>
<td><%= appoi...
New
Hello everybody,
usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors:
[WARN] - (starship::utils): Executing command ...
New
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this:
...
New
Credo is smart enough to check for (something like) this:
assert length(the_list) == 0
with this response:
Checking if an enum is empt...
New
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
Hi!
Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New
Other popular topics
Hi All,
I set a environment variables in dev.exs , like below code.
when i start server, how can i set the ${enable} value?
thanks.
d...
New
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help.
Where are they similar?
Where do they differ the m...
New
Hello everybody,
usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition)
It’s been a while since we first asked this, I...
New
Credo is smart enough to check for (something like) this:
assert length(the_list) == 0
with this response:
Checking if an enum is empt...
New
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
I am trying to run a deploy with docker and I successfully runned with this command:
docker build -t romenigld/blog-prod .
but when I t...
New
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New








