尝试模拟 github webhook 请求,得到:“X-Hub-Signature 与 blob 签名不匹配”
two*_*ash 5 github hmac webhooks node.js cryptojs
这是一个处理 github webhook 的代理服务器设置:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
在邮递员中,我设置了这些标头:
原始主体在这里:https ://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
这是我的预请求脚本:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
我可以确认 .env 中的内容与我的 Postman 环境设置中GIT_WEBHOOK_SECRET设置的内容相同。secret
您需要X-Hub-Signature使用 field 设置 as 参数的内容sha1:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
无论您使用哪种实现,哈希签名都以 sha1= 开头,使用您的秘密令牌和负载主体的密钥。
| 归档时间: |
|
| 查看次数: |
2271 次 |
| 最近记录: |