swop/github-webhook-middleware

A PSR-7 style, PSR-15 compatible middleware that verifies incoming GitHub webhook requests are correctly signed.

v1.0 2016-11-22 02:36 UTC

This package is not auto-updated.

Last update: 2024-09-23 15:05:11 UTC


README


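This library provides a PSR-7 style and PSR-15 middleware that verifies incoming GitHub webhook requests are correctly signed.

The X-Hub-Signature header of the provided PSR-7 request is checked to determine whether the request was originally signed by GitHub using the correct secret key.

If the request signature validation fails, a 401 JSON response is sent back.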
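The check described above, written out as an added example (this is not the library's own code): GitHub sends X-Hub-Signature as `sha1=` followed by the hex HMAC-SHA1 of the raw request body keyed with the webhook secret. The function name `isValidHubSignature` and the sample secret and payload are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration (hypothetical helper, not part of the library):
 * checks an X-Hub-Signature header value against the raw request body.
 */
function isValidHubSignature(?string $header, string $rawBody, string $secret): bool
{
    // Reject a missing header or anything not shaped like "sha1=<40 hex chars>".
    if ($header === null || !preg_match('/^sha1=([0-9a-f]{40})$/i', $header, $m)) {
        return false;
    }

    // The HMAC must be computed over the exact bytes received,
    // not over a decoded and re-encoded JSON payload.
    $expected = hash_hmac('sha1', $rawBody, $secret);

    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals($expected, strtolower($m[1]));
}

// Constructed sample data: the secret and payload are made up for this example.
$secret = 'my_secret';
$body   = '{"zen":"Keep it logically awesome.","hook_id":1}';
$good   = 'sha1=' . hash_hmac('sha1', $body, $secret);

$cases = [
    'valid signature' => [$good, $body],
    'missing header'  => [null, $body],
    'wrong algorithm' => ['md5=' . md5($body), $body],
    'tampered body'   => [$good, $body . ' '],
    'wrong secret'    => ['sha1=' . hash_hmac('sha1', $body, 'other'), $body],
];

foreach ($cases as $label => [$header, $payload]) {
    $ok = isValidHubSignature($header, $payload, $secret);
    // A failed check corresponds to the 401 JSON response described above.
    printf("%-16s -> %s\n", $label, $ok ? '200' : '401');
}
```

GitHub also sends an X-Hub-Signature-256 header (HMAC-SHA256) and recommends it over the SHA-1 header; the same check applies with `sha256` as the algorithm and a 64-character hex digest.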

Installation

The recommended way to install this library is through Composer:

composer require "swop/github-webhook-middleware"

Usage

Example: PSR-7 style middleware with Zend Diactoros Server

<?php

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

use Swop\GitHubWebHook\Security\SignatureValidator;
use Swop\GitHubWebHookMiddleware\GithubWebHook;

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();

$middleware = new GithubWebHook(new SignatureValidator(), 'my_secret');

$next = function (RequestInterface $request, ResponseInterface $response) {
    // The signature has been checked.
    // Do some stuff with the web hook...
    return new \Zend\Diactoros\Response\JsonResponse(['status' => 'ok']);
};

$server = \Zend\Diactoros\Server::createServerFromRequest($middleware, $request);

$server->listen($next);

Example: PSR-15 middleware with Zend Stratigility

<?php

use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

use Zend\Stratigility\MiddlewarePipe;
use Zend\Stratigility\NoopFinalHandler;

use Zend\Diactoros\Server;
use Zend\Diactoros\Response\JsonResponse;

use Swop\GitHubWebHook\Security\SignatureValidator;
use Swop\GitHubWebHookMiddleware\GithubWebHook;

$app = (new MiddlewarePipe())
    ->pipe(new GithubWebHook(new SignatureValidator(), 'my_secret'))
    ->pipe('/', function (RequestInterface $request, ResponseInterface $response) {
        // The signature has been checked.
        // Do some stuff with the web hook...
        return new JsonResponse(['status' => 'OK']);
    });

$request = \Zend\Diactoros\ServerRequestFactory::fromGlobals();

Server::createServerFromRequest($app, $request)
    ->listen(new NoopFinalHandler())
;

Contributing

See the CONTRIBUTING file.

Original author

License

This library is released under the MIT License. See the bundled LICENSE file for the full text.