Here is a little proxy server setup to handle github webhooks:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
In postman, I have these headers set:
The raw body is here: https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
Here is my pre-request script:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
I can confirm that the GIT_WEBHOOK_SECRET in .env is the same as what is set in secret in my Postman environment settings.
You need to set content of X-Hub-Signature as parameters with sha1 field :
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
From validating payloads from Github :
No matter which implementation you use, the hash signature starts with sha1=, using the key of your secret token and your payload body.
来源:https://stackoverflow.com/questions/44850789/trying-to-mock-github-webhook-request-get-x-hub-signature-does-not-match-blob