An authentication strategy plugin for hapi for validating webhook requests from GitHub. This strategy validates the payload with the hmac-sha1 signature sent with the request.
This strategy is compatible with application/json
webhook payloads.
The 'githubwebhook'
scheme takes the following options:
secret
- (required) the token configured for the webhook (never share or commit this to your project!)
- >= v17: Use 2.x
- <= v16: Use 1.x
Version 1.0
There is an example server located in example/server.js
. You can run this server with npm run example
.
var hapi = require("hapi");
var githubWebhooksPlugin = require("hapi-github-webhooks");
var token = "SomeUnsharedSecretToken";
var server = new hapi.Server();
server.connection({
host: host,
port: port
});
server.register(githubWebhooksPlugin, function(err) {
// Register github webhook auth strategy
server.auth.strategy("githubwebhook", "githubwebhook", { secret: token });
// Apply the strategy to the route that handles webhooks
server.route([
{
method: "POST",
path: "/webhooks/github",
config: {
auth: {
strategies: ["githubwebhook"],
payload: "required"
}
},
handler: function(request, reply) {
// request.payload is the validated payload from GitHub
reply();
}
}
]);
});