Github version here: hapi-github-webhooks.
An authentication strategy plugin for hapi for validating webhook requests from Gitlab. This strategy validates the payload with the signature sent with the request.
The 'gitlabwebhook' scheme takes the following options:
secret- (required) the token configured for the webhook (never share or commit this to your project!)
1.1.X: compatible HAPI 17.x.x
1.0.X: compatible HAPI 16.x.x
var hapi = require('hapi');
var gitlabWebhooksPlugin = require('hapi-gitlab-webhooks');
var token = 'SomeUnsharedSecretToken';
var server = new hapi.Server({
host: host,
port: port
});
try {
await server.register(hapiGitlabWebhook)
} catch (err) {
throw err;
}
// Register gitlab webhook auth strategy
server.auth.strategy('gitlabwebhook', 'gitlabwebhook', { secret: token });
// Apply the strategy to the route that handles webhooks
server.route([
{
method: 'POST',
path: '/webhooks/gitlab',
config: {
auth: {
strategies: ['gitlabwebhook'],
payload: 'required'
}
},
handler: () => null
}
]);