Skip to content
/ hmacsig Public

HMAC Signature Validation Middleware (e.g. for GitHub Webhooks)

License

Notifications You must be signed in to change notification settings

donatj/hmacsig

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

hmacsig

GoDoc Go Report Card CI

HMAC Signature Validation Middleware (like GitHub Webhooks Uses)

Supports SHA-1 validation via hmacsig.Handler and SHA-256 validation via hmacsig.Handler256

GitHub now recommends SHA-256 over SHA-1 - read more:

https://docs.github.com/en/free-pro-team@latest/developers/webhooks-and-events/securing-your-webhooks

Example

package main

import (
	"log"
	"net/http"

	"github.com/donatj/hmacsig"
)

func main() {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("success"))
	})

	s := hmacsig.Handler256(h, "supersecret")

	err := http.ListenAndServe(":8080", s)
	if err != nil {
		log.Fatal(err)
	}
}