Skip to content

travis-ci/webhook-signature-verifier

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
4 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
.gitignore
 
 
.travis.yml
 
 
Gemfile
 
 
Gemfile.lock
 
 
LICENSE
 
 
Procfile
 
 
README.md
 
 
Rakefile
 
 
config.ru
 
 
WebhookSignatureVerifier Description Verifying the signature

README.md

WebhookSignatureVerifier

A small Sinatra app to verify the webhook payload signature

Description

Travis CI's webhook notification delivers a POST request to the specified endpoint a JSON payload as described.

In addition, the request comes with the custom HTTP header Signature for the payload data.

This small Sinatra app shows how to verify the signature.

Verifying the signature

  1. Pick up the payload data from the HTTP request's body.
  2. Obtain the Signature header value, and base64-decode it.
  3. Obtain the public key corresponding to the private key that signed the payload. This is available at the /config endpoint's config.notifications.webhook.public_key on the relevant API server. (e.g., https://api.travis-ci.org/config)
  4. Verify the signature using the public key and SHA1 digest.

About

A small Sinatra app to verify the webhook payload signature

Resources

Readme

License

MIT license

Stars

4 stars

Watchers

4 watching

Forks

8 forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages