Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/quirrel-dev/secure-webhooks
Secure signature-based authentication helper for webhooks.
https://github.com/quirrel-dev/secure-webhooks
javascript quirrel webhooks
Last synced: about 2 months ago
JSON representation
Secure signature-based authentication helper for webhooks.
- Host: GitHub
- URL: https://github.com/quirrel-dev/secure-webhooks
- Owner: quirrel-dev
- License: mit
- Created: 2020-09-13T15:34:37.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2024-08-02T09:42:18.000Z (about 2 months ago)
- Last Synced: 2024-08-02T11:14:16.035Z (about 2 months ago)
- Topics: javascript, quirrel, webhooks
- Language: TypeScript
- Homepage:
- Size: 205 KB
- Stars: 36
- Watchers: 2
- Forks: 5
- Open Issues: 18
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# secure-webhooks
Useful for securing webhooks.
## Usage
On the webhook sender:
```ts
import { symmetric } from "secure-webhooks"
const secret = "some shared secret"
const payload = "...";
const signature = symmetric.sign(payload, secret);
sendToWebhookReceiver({
body: payload,
headers: {
"x-webhook-signature": signature
...
}
})
```
On the webhook receiver:
```ts
import { symmetric } from "secure-webhooks"
const secret = "some shared secret" // the same as above
app.post("/webhook-endpoint", (req, res) => {
const isTrustWorthy = symmetric.verify(
req.body, // 👈 needs to be exactly the same as above, make sure to disable any body parsing for this route
secret,
req.headers["x-webhook-signature"]
)
if (!isTrustWorthy) {
res.status(401).end("Not Authorized")
return
}
...
})
```
Same works with asymmetric mode:
```ts
import { asymmetric } from "secure-webhooks"
```