UNPKG

@purinton/knit

Version:

GitHub webhook handler and deployment automation tool. Listens for GitHub webhook events, validates signatures, updates repositories, runs deployment commands, and sends notifications.

github.com/purinton/knit

purinton/knit

16 lines (14 loc) 585 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
import crypto from 'crypto'; /** * Validates a GitHub webhook signature. * @param {Object} params * @param {string} params.data - The raw request body. * @param {string} params.secret - The webhook secret. * @param {string} params.signature - The signature from the header. * @returns {boolean} True if valid, false otherwise. */ export function validate({ data, secret, signature }) { if (!secret || !signature) return false; const expectedSignature = 'sha256=' + crypto.createHmac('sha256', secret).update(data).digest('hex'); return expectedSignature === signature; }