试图模拟 github webhook 请求,得到:"X-Hub-Signature does not match blob signature"
trying to mock github webhook request, get: "X-Hub-Signature does not match blob signature"
这里有一些代理服务器设置来处理 github webhooks:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
在 postman 中,我设置了这些 headers:
原始 body 在这里:https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
这是我的 pre-request 脚本:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
我可以确认 .env 中的 GIT_WEBHOOK_SECRET 与我的 Postman 环境设置中 secret 中的设置相同。
您需要将 X-Hub-Signature 的内容设置为带有 sha1 字段的参数:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
来自 validating payloads from Github :
No matter which implementation you use, the hash signature starts with
sha1=, using the key of your secret token and your payload body.
这里有一些代理服务器设置来处理 github webhooks:
require('dotenv').config();
var http = require('http');
var createHandler = require('github-webhook-handler');
var handler = createHandler({
path: '/webhook',
secret: process.env.GIT_WEBHOOK_SECRET
});
http
.createServer(function(req, res) {
handler(req, res, function(err) {
res.statusCode = 404;
res.end('no such location');
});
})
.listen(8080);
handler.on('error', function(err) {
console.error('Error:', err.message);
});
handler.on('push', function(event) {
console.log(
'Received a push event for %s to %s',
event.payload.repository.name,
event.payload.ref
);
});
handler.on('issues', function(event) {
console.log(
'Received an issue event for %s action=%s: #%d %s',
event.payload.repository.name,
event.payload.action,
event.payload.issue.number,
event.payload.issue.title
);
});
在 postman 中,我设置了这些 headers:
原始 body 在这里:https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent
这是我的 pre-request 脚本:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", hash);
我可以确认 .env 中的 GIT_WEBHOOK_SECRET 与我的 Postman 环境设置中 secret 中的设置相同。
您需要将 X-Hub-Signature 的内容设置为带有 sha1 字段的参数:
var payload = request.data;
console.log("Using payload as " + payload)
var hash = CryptoJS.HmacSHA1(payload, environment.secret).toString(CryptoJS.enc.Hex)
postman.setGlobalVariable("signature", "sha1=" + hash);
来自 validating payloads from Github :
No matter which implementation you use, the hash signature starts with sha1=, using the key of your secret token and your payload body.