github-webhook-auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +1 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +32 -0
  6. data/Rakefile +12 -0
  7. data/github-webhook-auth.gemspec +25 -0
  8. data/lib/github-webhook-auth.rb +1 -0
  9. data/lib/github/webhook/auth.rb +36 -0
  10. data/lib/github/webhook/auth/version.rb +7 -0
  11. data/spec/github/webhook/auth_spec.rb +52 -0
  12. metadata +96 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: b04bcb3f2bd7cae9a3638465b7dbeda3b8c6e9bd
4
+ data.tar.gz: cd4f878908b8f0b38bcace8078624d2bf27dad8e
5
+ SHA512:
6
+ metadata.gz: ac11b519d36906776084593d58b618fc5997a4f7fe279da8c841fc599122e315c5ea61ab488cabfc370853d7f54a7cfe7be28bbb09e9c275206342e7810b66e7
7
+ data.tar.gz: ec02cbba417c239fd3c0ea331c077621dcbb537bef51f9d26bf846fea79c545dc696a60f134a0fdc5ef40c853f232bfc1c9a10b690e781b30b752fe1a6ecb47d
data/.gitignore ADDED
@@ -0,0 +1 @@
1
+ Gemfile.lock
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in your gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2014 Jon Rowe
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,32 @@
1
+ # Github::Webhook::Auth
2
+
3
+ Simple gem / Rack middleware for forcing a valid Github Webhook
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'github-webhook-auth'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install github-webhook-auth
18
+
19
+ ## Usage
20
+
21
+ Set ENV['GITHUB_WEBHOOK_TOKEN'] to a secure value and then in your preferred
22
+ Rack configuration location for your webhook endpoint add:
23
+
24
+ use Github::Webhook::Auth
25
+
26
+ ## Contributing
27
+
28
+ 1. Fork it
29
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
30
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
31
+ 4. Push to the branch (`git push origin my-new-feature`)
32
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,12 @@
1
+ require 'bundler'
2
+ Bundler::GemHelper.install_tasks
3
+
4
+ require 'rspec'
5
+ require 'rspec/core/rake_task'
6
+
7
+ desc "Run specs"
8
+ RSpec::Core::RakeTask.new :spec do |task|
9
+ task.pattern = 'spec/**/*_spec.rb'
10
+ end
11
+
12
+ task :default => [:spec]
data/github-webhook-auth.gemspec ADDED
@@ -0,0 +1,25 @@
1
+ # -*- encoding: utf-8 -*-
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'github/webhook/auth/version'
5
+
6
+ Gem::Specification.new do |gem|
7
+ gem.name = "github-webhook-auth"
8
+ gem.version = Github::Webhook::Auth::VERSION
9
+ gem.authors = ["Jon Rowe"]
10
+ gem.email = ["hello@jonrowe.co.uk"]
11
+ gem.description = %q{Simple gem for forcing a valid Github Webhook}
12
+ gem.summary = %q{Simple gem for forcing a valid Github Webhook}
13
+ gem.homepage = "https://github.com/JonRowe/github-webhook-auth.git"
14
+
15
+ gem.files = `git ls-files`.split($/)
16
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
17
+ gem.test_files = gem.files.grep(%r{^(spec)/})
18
+ gem.require_paths = ["lib"]
19
+
20
+ gem.add_dependency 'rack'
21
+
22
+ gem.add_development_dependency 'rake'
23
+ gem.add_development_dependency 'rspec'
24
+
25
+ end
data/lib/github-webhook-auth.rb ADDED
@@ -0,0 +1 @@
1
+ require 'github/webhook/auth'
data/lib/github/webhook/auth.rb ADDED
@@ -0,0 +1,36 @@
1
+ require 'rack/utils'
2
+
3
+ module Github
4
+ module Webhook
5
+ class Auth
6
+ def initialize app
7
+ @app = app
8
+ end
9
+
10
+ def call env
11
+ return [401, {}, ''] unless verify_signature(env.dup)
12
+ @app.call env
13
+ end
14
+
15
+ private
16
+
17
+ def verify_signature env
18
+ Rack::Utils.secure_compare signature(body env), env.fetch('HTTP_X_HUB_SIGNATURE','')
19
+ end
20
+
21
+ def body env
22
+ env['rack.input'].rewind
23
+ env['rack.input'].read
24
+ end
25
+
26
+ def signature body
27
+ 'sha1=' + OpenSSL::HMAC.hexdigest(digest, ENV['SECRET_TOKEN'], body)
28
+ end
29
+
30
+ def digest
31
+ OpenSSL::Digest.new('sha1')
32
+ end
33
+
34
+ end
35
+ end
36
+ end
data/lib/github/webhook/auth/version.rb ADDED
@@ -0,0 +1,7 @@
1
+ module Github
2
+ module Webhook
3
+ class Auth
4
+ VERSION = '0.0.1'
5
+ end
6
+ end
7
+ end
data/spec/github/webhook/auth_spec.rb ADDED
@@ -0,0 +1,52 @@
1
+ require 'github-webhook-auth'
2
+
3
+ describe 'protecting a webhook api endpoint' do
4
+
5
+ let(:app) { double 'rack stack', :call => result }
6
+ let(:result) { double 'result' }
7
+ let(:middleware) { Github::Webhook::Auth.new(app) }
8
+ let(:secret) { 'S0m3Key' }
9
+
10
+ before do
11
+ stub_const("ENV", 'SECRET_TOKEN' => secret)
12
+ end
13
+
14
+ context 'when a valid auth token is provided' do
15
+ let(:env) { { 'HTTP_X_HUB_SIGNATURE' => signature, 'rack.input' => body } }
16
+ let(:body) { StringIO.new }
17
+ let(:hexdigest) { OpenSSL::Digest::Digest.new('sha1') }
18
+ let(:signature) { 'sha1='+OpenSSL::HMAC.hexdigest(hexdigest, secret, body.read) }
19
+
20
+ it 'calls the app and returns its response' do
21
+ expect(app).to receive(:call).with(env)
22
+ expect(middleware.call(env)).to eq result
23
+ end
24
+ end
25
+
26
+ context 'when an invalid auth token is provided' do
27
+ let(:env) { { 'HTTP_X_HUB_SIGNATURE' => 'notatoken', 'rack.input' => StringIO.new } }
28
+
29
+ it 'short circuits the app' do
30
+ expect(app).to_not receive(:call).with(env)
31
+ middleware.call(env)
32
+ end
33
+
34
+ it 'returns a 401 status' do
35
+ expect(middleware.call(env)[0]).to eq 401
36
+ end
37
+ end
38
+
39
+ context 'when no auth token is provided' do
40
+ let(:env) { { 'rack.input' => StringIO.new } }
41
+
42
+ it 'short circuits the app' do
43
+ expect(app).to_not receive(:call).with(env)
44
+ middleware.call(env)
45
+ end
46
+
47
+ it 'returns a 401 status' do
48
+ expect(middleware.call(env)[0]).to eq 401
49
+ end
50
+ end
51
+
52
+ end
metadata ADDED
@@ -0,0 +1,96 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: github-webhook-auth
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Jon Rowe
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-11-16 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description: Simple gem for forcing a valid Github Webhook
56
+ email:
57
+ - hello@jonrowe.co.uk
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - ".gitignore"
63
+ - Gemfile
64
+ - LICENSE.txt
65
+ - README.md
66
+ - Rakefile
67
+ - github-webhook-auth.gemspec
68
+ - lib/github-webhook-auth.rb
69
+ - lib/github/webhook/auth.rb
70
+ - lib/github/webhook/auth/version.rb
71
+ - spec/github/webhook/auth_spec.rb
72
+ homepage: https://github.com/JonRowe/github-webhook-auth.git
73
+ licenses: []
74
+ metadata: {}
75
+ post_install_message:
76
+ rdoc_options: []
77
+ require_paths:
78
+ - lib
79
+ required_ruby_version: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - ">="
82
+ - !ruby/object:Gem::Version
83
+ version: '0'
84
+ required_rubygems_version: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - ">="
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
89
+ requirements: []
90
+ rubyforge_project:
91
+ rubygems_version: 2.4.3
92
+ signing_key:
93
+ specification_version: 4
94
+ summary: Simple gem for forcing a valid Github Webhook
95
+ test_files:
96
+ - spec/github/webhook/auth_spec.rb