mirror of
https://github.com/therootcompany/golib.git
synced 2026-04-24 12:48:00 +00:00
AJ ONeal
4abac2a0df
Verify X-Hub-Signature-256 (and SHA-1) webhook signatures. Middleware buffers and re-exposes the body for downstream handlers. Errors honor Accept header: TSV default (text/plain for browsers), JSON, CSV, or Markdown — three fields (error, description, hint) with pseudocode hints.
36 lines
824 B
Go
36 lines
824 B
Go
package xhubsig_test
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/therootcompany/golib/auth/xhubsig"
|
|
)
|
|
|
|
func ExampleSign() {
|
|
sig := xhubsig.Sign(xhubsig.SHA256, "It's a Secret to Everybody", []byte("Hello, World!"))
|
|
fmt.Println(sig)
|
|
// Output:
|
|
// sha256=757107ea0eb2509fc211221cce984b8a37570b6d7586c22c46f4379c8b043e17
|
|
}
|
|
|
|
func ExampleVerify() {
|
|
body := []byte("Hello, World!")
|
|
sig := xhubsig.Sign(xhubsig.SHA256, "secret", body)
|
|
|
|
err := xhubsig.Verify(xhubsig.SHA256, "secret", body, sig)
|
|
fmt.Println(err)
|
|
// Output:
|
|
// <nil>
|
|
}
|
|
|
|
func ExampleXHubSig_Require() {
|
|
x := xhubsig.New("webhookSecret")
|
|
|
|
mux := http.NewServeMux()
|
|
mux.Handle("POST /webhook", x.Require(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// body is verified and re-readable here
|
|
w.WriteHeader(http.StatusNoContent)
|
|
})))
|
|
}
|