github-webhook-auth 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +1 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +32 -0
  6. data/Rakefile +12 -0
  7. data/github-webhook-auth.gemspec +25 -0
  8. data/lib/github-webhook-auth.rb +1 -0
  9. data/lib/github/webhook/auth.rb +36 -0
  10. data/lib/github/webhook/auth/version.rb +7 -0
  11. data/spec/github/webhook/auth_spec.rb +52 -0
  12. metadata +96 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: b04bcb3f2bd7cae9a3638465b7dbeda3b8c6e9bd
4
+ data.tar.gz: cd4f878908b8f0b38bcace8078624d2bf27dad8e
5
+ SHA512:
6
+ metadata.gz: ac11b519d36906776084593d58b618fc5997a4f7fe279da8c841fc599122e315c5ea61ab488cabfc370853d7f54a7cfe7be28bbb09e9c275206342e7810b66e7
7
+ data.tar.gz: ec02cbba417c239fd3c0ea331c077621dcbb537bef51f9d26bf846fea79c545dc696a60f134a0fdc5ef40c853f232bfc1c9a10b690e781b30b752fe1a6ecb47d
data/.gitignore ADDED
@@ -0,0 +1 @@
1
+ Gemfile.lock
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in your gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2014 Jon Rowe
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,32 @@
1
+ # Github::Webhook::Auth
2
+
3
+ Simple gem / Rack middleware for forcing a valid Github Webhook
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'github-webhook-auth'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install github-webhook-auth
18
+
19
+ ## Usage
20
+
21
+ Set ENV['GITHUB_WEBHOOK_TOKEN'] to a secure value and then in your preferred
22
+ Rack configuration location for your webhook endpoint add:
23
+
24
+ use Github::Webhook::Auth
25
+
26
+ ## Contributing
27
+
28
+ 1. Fork it
29
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
30
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
31
+ 4. Push to the branch (`git push origin my-new-feature`)
32
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,12 @@
1
+ require 'bundler'
2
+ Bundler::GemHelper.install_tasks
3
+
4
+ require 'rspec'
5
+ require 'rspec/core/rake_task'
6
+
7
+ desc "Run specs"
8
+ RSpec::Core::RakeTask.new :spec do |task|
9
+ task.pattern = 'spec/**/*_spec.rb'
10
+ end
11
+
12
+ task :default => [:spec]
data/github-webhook-auth.gemspec ADDED
@@ -0,0 +1,25 @@
1
+ # -*- encoding: utf-8 -*-
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'github/webhook/auth/version'
5
+
6
+ Gem::Specification.new do |gem|
7
+ gem.name = "github-webhook-auth"
8
+ gem.version = Github::Webhook::Auth::VERSION
9
+ gem.authors = ["Jon Rowe"]
10
+ gem.email = ["hello@jonrowe.co.uk"]
11
+ gem.description = %q{Simple gem for forcing a valid Github Webhook}
12
+ gem.summary = %q{Simple gem for forcing a valid Github Webhook}
13
+ gem.homepage = "https://github.com/JonRowe/github-webhook-auth.git"
14
+
15
+ gem.files = `git ls-files`.split($/)
16
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
17
+ gem.test_files = gem.files.grep(%r{^(spec)/})
18
+ gem.require_paths = ["lib"]
19
+
20
+ gem.add_dependency 'rack'
21
+
22
+ gem.add_development_dependency 'rake'
23
+ gem.add_development_dependency 'rspec'
24
+
25
+ end
data/lib/github-webhook-auth.rb ADDED
@@ -0,0 +1 @@
1
+ require 'github/webhook/auth'
data/lib/github/webhook/auth.rb ADDED
@@ -0,0 +1,36 @@
1
+ require 'rack/utils'
2
+
3
+ module Github
4
+ module Webhook
5
+ class Auth
6
+ def initialize app
7
+ @app = app
8
+ end
9
+
10
+ def call env
11
+ return [401, {}, ''] unless verify_signature(env.dup)
12
+ @app.call env
13
+ end
14
+
15
+ private
16
+
17
+ def verify_signature env
18
+ Rack::Utils.secure_compare signature(body env), env.fetch('HTTP_X_HUB_SIGNATURE','')
19
+ end
20
+
21
+ def body env
22
+ env['rack.input'].rewind
23
+ env['rack.input'].read
24
+ end
25
+
26
+ def signature body
27
+ 'sha1=' + OpenSSL::HMAC.hexdigest(digest, ENV['SECRET_TOKEN'], body)
28
+ end
29
+
30
+ def digest
31
+ OpenSSL::Digest.new('sha1')
32
+ end
33
+
34
+ end
35
+ end
36
+ end
data/lib/github/webhook/auth/version.rb ADDED
@@ -0,0 +1,7 @@
1
+ module Github
2
+ module Webhook
3
+ class Auth
4
+ VERSION = '0.0.1'
5
+ end
6
+ end
7
+ end
data/spec/github/webhook/auth_spec.rb ADDED
@@ -0,0 +1,52 @@
1
+ require 'github-webhook-auth'
2
+
3
+ describe 'protecting a webhook api endpoint' do
4
+
5
+ let(:app) { double 'rack stack', :call => result }
6
+ let(:result) { double 'result' }
7
+ let(:middleware) { Github::Webhook::Auth.new(app) }
8
+ let(:secret) { 'S0m3Key' }
9
+
10
+ before do
11
+ stub_const("ENV", 'SECRET_TOKEN' => secret)
12
+ end
13
+
14
+ context 'when a valid auth token is provided' do
15
+ let(:env) { { 'HTTP_X_HUB_SIGNATURE' => signature, 'rack.input' => body } }
16
+ let(:body) { StringIO.new }
17
+ let(:hexdigest) { OpenSSL::Digest::Digest.new('sha1') }
18
+ let(:signature) { 'sha1='+OpenSSL::HMAC.hexdigest(hexdigest, secret, body.read) }
19
+
20
+ it 'calls the app and returns its response' do
21
+ expect(app).to receive(:call).with(env)
22
+ expect(middleware.call(env)).to eq result
23
+ end
24
+ end
25
+
26
+ context 'when an invalid auth token is provided' do
27
+ let(:env) { { 'HTTP_X_HUB_SIGNATURE' => 'notatoken', 'rack.input' => StringIO.new } }
28
+
29
+ it 'short circuits the app' do
30
+ expect(app).to_not receive(:call).with(env)
31
+ middleware.call(env)
32
+ end
33
+
34
+ it 'returns a 401 status' do
35
+ expect(middleware.call(env)[0]).to eq 401
36
+ end
37
+ end
38
+
39
+ context 'when no auth token is provided' do
40
+ let(:env) { { 'rack.input' => StringIO.new } }
41
+
42
+ it 'short circuits the app' do
43
+ expect(app).to_not receive(:call).with(env)
44
+ middleware.call(env)
45
+ end
46
+
47
+ it 'returns a 401 status' do
48
+ expect(middleware.call(env)[0]).to eq 401
49
+ end
50
+ end
51
+
52
+ end
metadata ADDED
@@ -0,0 +1,96 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: github-webhook-auth
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Jon Rowe
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-11-16 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description: Simple gem for forcing a valid Github Webhook
56
+ email:
57
+ - hello@jonrowe.co.uk
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - ".gitignore"
63
+ - Gemfile
64
+ - LICENSE.txt
65
+ - README.md
66
+ - Rakefile
67
+ - github-webhook-auth.gemspec
68
+ - lib/github-webhook-auth.rb
69
+ - lib/github/webhook/auth.rb
70
+ - lib/github/webhook/auth/version.rb
71
+ - spec/github/webhook/auth_spec.rb
72
+ homepage: https://github.com/JonRowe/github-webhook-auth.git
73
+ licenses: []
74
+ metadata: {}
75
+ post_install_message:
76
+ rdoc_options: []
77
+ require_paths:
78
+ - lib
79
+ required_ruby_version: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - ">="
82
+ - !ruby/object:Gem::Version
83
+ version: '0'
84
+ required_rubygems_version: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - ">="
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
89
+ requirements: []
90
+ rubyforge_project:
91
+ rubygems_version: 2.4.3
92
+ signing_key:
93
+ specification_version: 4
94
+ summary: Simple gem for forcing a valid Github Webhook
95
+ test_files:
96
+ - spec/github/webhook/auth_spec.rb