尝试模拟github webhook请求,得到:“ X-Hub-Signature与blob签名不匹配”; [英] trying to mock github webhook request, get: "X-Hub-Signature does not match blob signature"
问题描述
这里有一些代理服务器设置,可以处理github上的webhooks:
Here is a little proxy server setup to handle github webhooks:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
在邮递员中,我设置了以下标题:
In postman, I have these headers set:
原始正文在这里: https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
这是我的请求前脚本:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
我可以确认中的 GIT_WEBHOOK_SECRET
。 env与在Postman环境设置中的秘密
中设置的内容相同。
I can confirm that the GIT_WEBHOOK_SECRET
in .env is the same as what is set in secret
in my Postman environment settings.
推荐答案
您需要使用 sha1
字段将 X-Hub-Signature
的内容设置为参数:
You need to set content of X-Hub-Signature
as parameters with sha1
field :
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
无论采用哪种实现您使用时,哈希签名以
sha1 =开头,并使用您的秘密令牌的密钥和有效载荷主体。
No matter which implementation you use, the hash signature starts with sha1=, using the key of your secret token and your payload body.
这篇关于尝试模拟github webhook请求,得到:“ X-Hub-Signature与blob签名不匹配”;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!