0.3.0 • Published 3 years ago

secure-webhooks v0.3.0

Weekly downloads
418
License
MIT
Repository
-
Last release
3 years ago

secure-webhooks

Useful for securing webhooks.

Usage

On the webhook sender:

import { symmetric } from "secure-webhooks"

const secret = "some shared secret"
const payload = "...";

const signature = symmetric.sign(payload, secret);

sendToWebhookReceiver({
  body: payload,
  headers: {
    "x-webhook-signature": signature
    ...
  }
})

On the webhook receiver:

import { symmetric } from "secure-webhooks"

const secret = "some shared secret" // the same as above

app.post("/webhook-endpoint", (req, res) => {
  const isTrustWorthy = symmetric.verify(
    req.body, // 👈 needs to be exactly the same as above, make sure to disable any body parsing for this route
    secret,
    req.headers["x-webhook-signature"]
  )

  if (!isTrustWorthy) {
    res.status(401).end("Not Authorized")
    return
  }

  ...
})

Same works with asymmetric mode:

import { asymmetric } from "secure-webhooks"
@infinitebrahmanuniverse/nolb-sec@everything-registry/sub-chunk-2726quirrel@m5r/quirrel@quirrel/client@bamotf/node
1.0.0-0

3 years ago

0.3.0

3 years ago

0.2.0

4 years ago