servant-github-webhook: Servant combinators to facilitate writing GitHub webhooks.
This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.
This package provides servant combinators that make writing safe GitHub webhooks very simple.
It features automatic verification of the digital signatures provided by GitHub in the webhook HTTP requests as well as route dispatching based on repository event type.
[Skip to Readme]
Properties
| Versions | 0.1.0.0, 0.2.0.0, 0.2.0.1, 0.3.0.0, 0.3.0.1, 0.3.0.2, 0.3.1.0, 0.3.2.0, 0.3.2.1, 0.4.0.0, 0.4.1.0, 0.4.2.0, 0.4.2.0 |
|---|---|
| Change log | ChangeLog.md |
| Dependencies | aeson (>=0.11), base (>=4 && <5), base16-bytestring (>=0.1), bytestring (>=0.10), cryptonite (>=0.19), github (>=0.15), github-webhooks (>=0.9), http-types (>=0.9), memory (>=0.13), servant (>=0.13), servant-server (>=0.13), string-conversions (>=0.4), text (>=1.2), transformers, unordered-containers (>=0.2), wai (>=3.2) [details] |
| License | MIT |
| Copyright | Jacob Thomas Errington (c) 2016-2018 |
| Author | Jacob Thomas Errington |
| Maintainer | servant-github-webhook@mail.jerrington.me |
| Category | Web |
| Home page | https://github.com/tsani/servant-github-webhook |
| Bug tracker | https://github.com/tsani/servant-github-webhook/issues |
| Source repo | head: git clone https://github.com/tsani/servant-github-webhook.git |
| Uploaded | by tsani at 2019-08-21T14:48:07Z |
Modules
[Index] [Quick Jump]
- Servant
- GitHub
Downloads
- servant-github-webhook-0.4.2.0.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
Package maintainers
For package maintainers and hackage trustees
Readme for servant-github-webhook-0.4.2.0
[back to package description]servant-github-webhook
This library facilitates writing Servant routes that can safely act as GitHub webhooks.
Features:
- Dispatching to routes based on the type of repository event.
- Automatic verification of request signatures.
- Route protection expressed in the type system, so webhook routes and regular routes cannot be confused.
Why use servant-github-webhook?
A webhook server needs to be publicly hosted. How can legitimate requests sent by GitHub be distinguished from (malicious) requests sent by other clients?
When a webhook is configured on a repository, a secret key is added. This key is used by GitHub to compute a signature of the request body that it sends; this signature is included in the request headers. The routing combinators in servant-github-webhook compute the signature of the received request body using the same key, and check that the signature in the request headers matches. If it does, then the request is legitimate.