-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor X-Hub-Signature validation #24
Comments
Okay, so to clarify you'd like an interface that looks something like this: public static class GitHubWebhookExtensionsWorker
{
public static VerifyResult VerifyContentType(HttpRequest request, string expectedContentType);
private static async Task<string> GetBodyAsync(HttpRequest request);
private static async Task<VerifyResult> VerifySignatureAsync(HttpRequest request, string secret, string body)
} where public sealed record VerifyResult
{
public bool IsSuccess { get; init; } = null!;
public int? ResponseCode { get; init; }
public string? ResponseMessage { get; init; }
} and |
That seems plausible, though maybe Is it possible to make
HttpRequest and to return a Task<VerifyResult<string>> capturing the body of a verified message) in the worker class?
|
Ah, one more thought re: |
👋 Hey Friends, this issue has been automatically marked as |
👋 Hey Friends, this issue has been automatically marked as |
Describe the feature
webhooks.net/src/Octokit.Webhooks.AspNetCore/GitHubWebhookExtensions.cs
Line 66 in 95e10f9
HttpContext
object only for itsheader
and for generating a response in the case of failure. Unfortunately.HttpContext
s are sometimes hard to come by; for example, Azure Functions, at least as of runner version 4, for example, provide onlyHttpRequest
s and not the fullHttpContext
.Therefore, it would be quite nice and DRY if this method could be split into a worker and wrapper, with the worker taking the already-extracted signature header and returning a
HttpStatusCode
andString
for the body, and the wrapper adapting for the ASP.NetHttpContext
object.The text was updated successfully, but these errors were encountered: