-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathutils.ts
38 lines (32 loc) · 1.29 KB
/
utils.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import { assert } from "std/testing/asserts.ts";
import { NativeRequest } from "oak/mod.ts";
import type { ServerRequest } from "oak/types.d.ts";
import { verify } from "octokit-webhooks-methods";
import env from "./env.ts";
// https://stackoverflow.com/a/71088170/10379728
export type GitHubWebhookVerificationStatus = {
id: string;
verified: boolean;
};
// Type predicate used to access native Request instance
// Ref: https://github.com/oakserver/oak/issues/501#issuecomment-1084046581
function isNativeRequest(r: ServerRequest): r is NativeRequest {
// deno-lint-ignore no-explicit-any
return (r as any).request instanceof Request;
}
// Because this uses a native Request, it can be used in other contexts besides Oak (e.g. `std/http/serve`)
export async function verifyGitHubWebhook(
request: ServerRequest,
): Promise<GitHubWebhookVerificationStatus> {
assert(isNativeRequest(request));
const id = request.request.headers.get("X-GitHub-Delivery");
// This should be more strict in reality
if (!id) throw new Error("Not a GH webhhok");
const signature = request.headers.get("X-Hub-Signature-256");
let verified = false;
if (signature) {
const payload = await request.request.clone().text();
verified = await verify(env.SECRET, payload, signature);
}
return { id, verified };
}