The servant-github-webhook package

[ Tags: library, mit, web ] [ Propose Tags ]

This package provides servant combinators that make writing safe GitHub webhooks very simple.

It features automatic verification of the digital signatures provided by GitHub in the webhook HTTP requests as well as route dispatching based on repository event type.


[Skip to Readme]

Properties

Versions 0.1.0.0, 0.2.0.0, 0.2.0.1, 0.3.0.0, 0.3.0.1, 0.3.0.2, 0.3.1.0
Change log ChangeLog.md
Dependencies aeson (>=0.11 && <1.2), base (>=4.8 && <4.10), base16-bytestring (==0.1.*), bytestring (==0.10.*), cryptonite (>=0.23 && <0.25), github (>=0.15 && <0.17), http-types (==0.9.*), memory (==0.14.*), servant (==0.11.*), servant-server (==0.11.*), string-conversions (==0.4.*), text (==1.2.*), transformers (>=0.2 && <0.6), wai (==3.2.*) [details]
License MIT
Copyright Jacob Thomas Errington 2016
Author Jacob Thomas Errington
Maintainer servant-github-webhook@mail.jerrington.me
Category Web
Home page https://github.com/tsani/servant-github-webhook
Bug tracker https://github.com/tsani/servant-github-webhook/issues
Source repository head: git clone https://github.com/tsani/servant-github-webhook.git
Uploaded Sun Aug 6 19:22:42 UTC 2017 by tsani
Distributions NixOS:0.3.1.0
Downloads 327 total (18 in the last 30 days)
Rating 0.0 (0 ratings) [clear rating]
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2017-08-06 [all 1 reports]
Hackage Matrix CI

Modules

[Index]

Flags

NameDescriptionDefaultType
old-base

whether to use base-4.8 and transformers rather than base 4.9

EnabledAutomatic

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

For package maintainers and hackage trustees


Readme for servant-github-webhook-0.3.1.0

[back to package description]

servant-github-webhook

Build Status Hackage

This library facilitates writing Servant routes that can safely act as GitHub webhooks.

Features:

  • Dispatching to routes based on the type of repository event.
  • Automatic verification of request signatures.
  • Route protection expressed in the type system, so webhook routes and regular routes cannot be confused.

Why use servant-github-webhook?

A webhook server needs to be publicly hosted. How can legitimate requests sent by GitHub be distinguished from (malicious) requests sent by other clients?

When a webhook is configured on a repository, a secret key is added. This key is used by GitHub to compute a signature of the request body that it sends; this signature is included in the request headers. The routing combinators in servant-github-webhook compute the signature of the received request body using the same key, and check that the signature in the request headers matches. If it does, then the request is legitimate.