github-webhook-handler 0.5.1 → 1.0.0

package/.travis.yml

@@ -0,0 +1,14 @@
+sudo: false
+language: node_js
+node_js:
+  - 8
+  - 10
+  - 12
+  - lts/*
+  - current
+branches:
+  only:
+    - master
+notifications:
+  email:
+    - rod@vagg.org

package/README.md

@@ -1,12 +1,19 @@
 # github-webhook-handler
 
-[![NPM](https://nodei.co/npm/github-webhook-handler.png?downloads=true&downloadRank=true)](https://nodei.co/npm/github-webhook-handler/)
-[![NPM](https://nodei.co/npm-dl/github-webhook-handler.png?months=6&height=3)](https://nodei.co/npm/github-webhook-handler/)
+[![Build Status](https://travis-ci.org/rvagg/github-webhook-handler.svg?branch=master)](https://travis-ci.org/rvagg/github-webhook-handler)
+
+[![NPM](https://nodei.co/npm/github-webhook-handler.svg)](https://nodei.co/npm/github-webhook-handler/)
 
 GitHub allows you to register **[Webhooks](https://developer.github.com/webhooks/)** for your repositories. Each time an event occurs on your repository, whether it be pushing code, filling issues or creating pull requests, the webhook address you register can be configured to be pinged with details.
 
 This library is a small handler (or "middleware" if you must) for Node.js web servers that handles all the logic of receiving and verifying webhook requests from GitHub.
 
+## Tips
+
+In Github Webhooks settings, Content type must be `application/json`.
+
+`application/x-www-form-urlencoded` won't work at present.
+
 ## Example
 
 ```js
@@ -40,12 +47,15 @@ handler.on('issues', function (event) {
 })
 ```
 
+for multiple handlers, please see [multiple-handlers-issue](https://github.com/rvagg/github-webhook-handler/pull/22#issuecomment-274301907).
+
 ## API
 
 github-webhook-handler exports a single function, use this function to *create* a webhook handler by passing in an *options* object. Your options object should contain:
 
  * `"path"`: the complete case sensitive path/route to match when looking at `req.url` for incoming requests. Any request not matching this path will cause the callback function to the handler to be called (sometimes called the `next` handler).
  * `"secret"`: this is a hash key used for creating the SHA-1 HMAC signature of the JSON blob sent by GitHub. You should register the same secret key with GitHub. Any request not delivering a `X-Hub-Signature` that matches the signature generated using this key against the blob will be rejected and cause an `'error'` event (also the callback will be called with an `Error` object).
+ * `"events"`: an optional array of whitelisted event types (see: *events.json*). If defined, any incoming request whose `X-Github-Event` can't be found in the whitelist will be rejected. If only a single event type is acceptable, this option can also be a string.
 
 The resulting **handler** function acts like a common "middleware" handler that you can insert into a processing chain. It takes `request`, `response`, and `callback` arguments. The `callback` is not called if the request is successfully handled, otherwise it is called either with an `Error` or no arguments.
 
@@ -66,4 +76,4 @@ Additionally, there is a special `'*'` even you can listen to in order to receiv
 
 ## License
 
-**github-webhook-handler** is Copyright (c) 2014 Rod Vagg [@rvagg](https://twitter.com/rvagg) and licensed under the MIT License. All rights not explicitly granted in the MIT License are reserved. See the included [LICENSE.md](./LICENSE.md) file for more details.
+**github-webhook-handler** is Copyright (c) 2014 Rod Vagg and licensed under the MIT License. All rights not explicitly granted in the MIT License are reserved. See the included [LICENSE.md](./LICENSE.md) file for more details.

package/events.json

@@ -10,13 +10,15 @@
   "issue_comment": "Any time an Issue is commented on",
   "issues": "Any time an Issue is opened or closed",
   "member": "Any time a User is added as a collaborator to a non-Organization Repository",
+  "membership": "Any time a User is added or removed from a team. Organization hooks only.",
   "page_build": "Any time a Pages site is built or results in a failed build",
   "public": "Any time a Repository changes from private to public",
   "pull_request_review_comment": "Any time a Commit is commented on while inside a Pull Request review (the Files Changed tab)",
   "pull_request": "Any time a Pull Request is opened, closed, or synchronized (updated due to a new push in the branch that the pull request is tracking)",
   "push": "Any git push to a Repository. This is the default event",
   "release": "Any time a Release is published in the Repository",
+  "repository": "Any time a Repository is created. Organization hooks only.",
   "status": "Any time a Repository has a status update from the API",
   "team_add": "Any time a team is added or modified on a Repository",
   "watchAny": "time a User watches the Repository"
-}
+}

package/github-webhook-handler.d.ts

@@ -0,0 +1,18 @@
+///<reference types="node" />
+
+import { IncomingMessage, ServerResponse } from "http";
+import { EventEmitter } from "events";
+
+interface CreateHandlerOptions {
+    path: string;
+    secret: string;
+    events?: string | string[];
+}
+
+interface handler extends EventEmitter {
+    (req: IncomingMessage, res: ServerResponse, callback: (err: Error) => void): void;
+}
+
+declare function createHandler(options: CreateHandlerOptions|CreateHandlerOptions[]): handler;
+
+export = createHandler;

package/github-webhook-handler.js

@@ -1,69 +1,124 @@
-const EventEmitter = require('events').EventEmitter
-    , inherits     = require('util').inherits
-    , crypto       = require('crypto')
-    , bl           = require('bl')
-    , bufferEq     = require('buffer-equal-constant-time')
+const EventEmitter = require('events')
+const crypto = require('crypto')
+const bl = require('bl')
 
+function findHandler (url, arr) {
+  if (!Array.isArray(arr)) {
+    return arr
+  }
 
-function signBlob (key, blob) {
-  return 'sha1=' + crypto.createHmac('sha1', key).update(blob).digest('hex')
-}
+  let ret = arr[0]
+  for (let i = 0; i < arr.length; i++) {
+    if (url === arr[i].path) {
+      ret = arr[i]
+    }
+  }
 
+  return ret
+}
 
-function create (options) {
-  if (typeof options != 'object')
+function checkType (options) {
+  if (typeof options !== 'object') {
     throw new TypeError('must provide an options object')
+  }
 
-  if (typeof options.path != 'string')
+  if (typeof options.path !== 'string') {
     throw new TypeError('must provide a \'path\' option')
+  }
 
-  if (typeof options.secret != 'string')
+  if (typeof options.secret !== 'string') {
     throw new TypeError('must provide a \'secret\' option')
+  }
+}
+
+function create (initOptions) {
+  let options
+  // validate type of options
+  if (Array.isArray(initOptions)) {
+    for (let i = 0; i < initOptions.length; i++) {
+      checkType(initOptions[i])
+    }
+  } else {
+    checkType(initOptions)
+  }
 
-  // make it an EventEmitter, sort of
-  handler.__proto__ = EventEmitter.prototype
+  // make it an EventEmitter
+  Object.setPrototypeOf(handler, EventEmitter.prototype)
   EventEmitter.call(handler)
 
+  handler.sign = sign
+  handler.verify = verify
+
   return handler
 
+  function sign (data) {
+    return `sha1=${crypto.createHmac('sha1', options.secret).update(data).digest('hex')}`
+  }
+
+  function verify (signature, data) {
+    const sig = Buffer.from(signature)
+    const signed = Buffer.from(sign(data))
+    if (sig.length !== signed.length) {
+      return false
+    }
+    return crypto.timingSafeEqual(sig, signed)
+  }
 
   function handler (req, res, callback) {
-    if (req.url.split('?').shift() !== options.path)
+    let events
+
+    options = findHandler(req.url, initOptions)
+
+    if (typeof options.events === 'string' && options.events !== '*') {
+      events = [options.events]
+    } else if (Array.isArray(options.events) && options.events.indexOf('*') === -1) {
+      events = options.events
+    }
+
+    if (req.url !== options.path || req.method !== 'POST') {
       return callback()
+    }
 
     function hasError (msg) {
       res.writeHead(400, { 'content-type': 'application/json' })
       res.end(JSON.stringify({ error: msg }))
 
-      var err = new Error(msg)
+      const err = new Error(msg)
 
       handler.emit('error', err, req)
       callback(err)
     }
 
-    var sig   = req.headers['x-hub-signature']
-      , event = req.headers['x-github-event']
-      , id    = req.headers['x-github-delivery']
+    const sig = req.headers['x-hub-signature']
+    const event = req.headers['x-github-event']
+    const id = req.headers['x-github-delivery']
 
-    if (!sig)
+    if (!sig) {
       return hasError('No X-Hub-Signature found on request')
+    }
 
-    if (!event)
+    if (!event) {
       return hasError('No X-Github-Event found on request')
+    }
 
-    if (!id)
+    if (!id) {
       return hasError('No X-Github-Delivery found on request')
+    }
 
-    req.pipe(bl(function (err, data) {
+    if (events && events.indexOf(event) === -1) {
+      return hasError('X-Github-Event is not acceptable')
+    }
+
+    req.pipe(bl((err, data) => {
       if (err) {
         return hasError(err.message)
       }
 
-      var obj
-      var computedSig = new Buffer(signBlob(options.secret, data))
+      let obj
 
-      if (!bufferEq(new Buffer(sig), computedSig))
+      if (!verify(sig, data)) {
         return hasError('X-Hub-Signature does not match blob signature')
+      }
 
       try {
         obj = JSON.parse(data.toString())
@@ -74,13 +129,14 @@ function create (options) {
       res.writeHead(200, { 'content-type': 'application/json' })
       res.end('{"ok":true}')
 
-      var emitData = {
-          event   : event
-        , id      : id
-        , payload : obj
-        , protocol: req.protocol
-        , host    : req.headers['host']
-        , url     : req.url
+      const emitData = {
+        event: event,
+        id: id,
+        payload: obj,
+        protocol: req.protocol,
+        host: req.headers.host,
+        url: req.url,
+        path: options.path
       }
 
       handler.emit(event, emitData)
@@ -89,5 +145,4 @@ function create (options) {
   }
 }
 
-
 module.exports = create

package/package.json

@@ -1,10 +1,12 @@
 {
   "name": "github-webhook-handler",
-  "version": "0.5.1",
+  "version": "1.0.0",
   "description": "Web handler / middleware for processing GitHub Webhooks",
   "main": "github-webhook-handler.js",
+  "types": "github-webhook-handler.d.ts",
   "scripts": {
-    "test": "node test.js"
+    "lint": "standard *.js",
+    "test": "npm run lint && node test.js"
   },
   "keywords": [
     "github",
@@ -17,11 +19,13 @@
   },
   "license": "MIT",
   "dependencies": {
-    "bl": "~1.1.2",
-    "buffer-equal-constant-time": "~1.0.1"
+    "bl": "~4.0.0"
   },
   "devDependencies": {
-    "tape": "~4.6.0",
-    "through2": "~2.0.1"
+    "@types/node": "*",
+    "run-series": "~1.1.8",
+    "standard": "~14.3.1",
+    "tape": "~4.11.0",
+    "through2": "~3.0.1"
   }
 }

package/test.js

@@ -1,44 +1,41 @@
-const test     = require('tape')
-    , crypto   = require('crypto')
-    , handler  = require('./')
-    , through2 = require('through2')
-
+const test = require('tape')
+const crypto = require('crypto')
+const handler = require('./')
+const through2 = require('through2')
+const series = require('run-series')
 
 function signBlob (key, blob) {
-  return 'sha1=' +
-  crypto.createHmac('sha1', key).update(blob).digest('hex')
+  return `sha1=${crypto.createHmac('sha1', key).update(blob).digest('hex')}`
 }
 
-
-function mkReq (url) {
-  var req = through2()
+function mkReq (url, method) {
+  const req = through2()
+  req.method = method || 'POST'
   req.url = url
   req.headers = {
-      'x-hub-signature'   : 'bogus'
-    , 'x-github-event'    : 'bogus'
-    , 'x-github-delivery' : 'bogus'
+    'x-hub-signature': 'bogus',
+    'x-github-event': 'bogus',
+    'x-github-delivery': 'bogus'
   }
   return req
 }
 
-
 function mkRes () {
-  var res = {
-      writeHead : function (statusCode, headers) {
-        res.$statusCode = statusCode
-        res.$headers = headers
-      }
-
-    , end       : function (content) {
-        res.$end = content
-      }
+  const res = {
+    writeHead: function (statusCode, headers) {
+      res.$statusCode = statusCode
+      res.$headers = headers
+    },
+
+    end: function (content) {
+      res.$end = content
+    }
   }
 
   return res
 }
 
-
-test('handler without full options throws', function (t) {
+test('handler without full options throws', (t) => {
   t.plan(4)
 
   t.equal(typeof handler, 'function', 'handler exports a function')
@@ -50,44 +47,81 @@ test('handler without full options throws', function (t) {
   t.throws(handler.bind(null, { path: '/' }), /must provide a 'secret' option/, 'throws if no secret option')
 })
 
+test('handler without full options throws in array', (t) => {
+  t.plan(2)
 
-test('handler ignores invalid urls', function (t) {
-  var options = { path: '/some/url', secret: 'bogus' }
-    , h       = handler(options)
+  t.throws(handler.bind(null, [{}]), /must provide a 'path' option/, 'throws if no path option')
+
+  t.throws(handler.bind(null, [{ path: '/' }]), /must provide a 'secret' option/, 'throws if no secret option')
+})
+
+test('handler ignores invalid urls', (t) => {
+  const options = { path: '/some/url', secret: 'bogus' }
+  const h = handler(options)
 
   t.plan(6)
 
-  h(mkReq('/'), mkRes(), function (err) {
+  h(mkReq('/'), mkRes(), (err) => {
     t.error(err)
     t.ok(true, 'request was ignored')
   })
 
   // near match
-  h(mkReq('/some/url/'), mkRes(), function (err) {
+  h(mkReq('/some/url/'), mkRes(), (err) => {
     t.error(err)
     t.ok(true, 'request was ignored')
   })
 
   // partial match
-  h(mkReq('/some'), mkRes(), function (err) {
+  h(mkReq('/some'), mkRes(), (err) => {
+    t.error(err)
+    t.ok(true, 'request was ignored')
+  })
+})
+
+test('handler ingores non-POST requests', (t) => {
+  const options = { path: '/some/url', secret: 'bogus' }
+  const h = handler(options)
+
+  t.plan(4)
+
+  h(mkReq('/some/url', 'GET'), mkRes(), (err) => {
+    t.error(err)
+    t.ok(true, 'request was ignored')
+  })
+
+  h(mkReq('/some/url?test=param', 'GET'), mkRes(), (err) => {
     t.error(err)
     t.ok(true, 'request was ignored')
   })
 })
 
+test('handler accepts valid urls', (t) => {
+  const options = { path: '/some/url', secret: 'bogus' }
+  const h = handler(options)
 
-test('handler accepts valid urls', function (t) {
-  var options = { path: '/some/url', secret: 'bogus' }
-    , h       = handler(options)
+  t.plan(1)
+
+  h(mkReq('/some/url'), mkRes(), (err) => {
+    t.error(err)
+    t.fail(false, 'should not call')
+  })
+
+  setTimeout(t.ok.bind(t, true, 'done'))
+})
+
+test('handler accepts valid urls in Array', (t) => {
+  const options = [{ path: '/some/url', secret: 'bogus' }, { path: '/someOther/url', secret: 'bogus' }]
+  const h = handler(options)
 
   t.plan(1)
 
-  h(mkReq('/some/url'), mkRes(), function (err) {
+  h(mkReq('/some/url'), mkRes(), (err) => {
     t.error(err)
     t.fail(false, 'should not call')
   })
 
-  h(mkReq('/some/url?test=param'), mkRes(), function (err) {
+  h(mkReq('/someOther/url'), mkRes(), (err) => {
     t.error(err)
     t.fail(false, 'should not call')
   })
@@ -95,18 +129,75 @@ test('handler accepts valid urls', function (t) {
   setTimeout(t.ok.bind(t, true, 'done'))
 })
 
+test('handler can reject events', (t) => {
+  const acceptableEvents = {
+    undefined: undefined,
+    'a string equal to the event': 'bogus',
+    'a string equal to *': '*',
+    'an array containing the event': ['bogus'],
+    'an array containing *': ['not-bogus', '*']
+  }
+  const unacceptableEvents = {
+    'a string not equal to the event or *': 'not-bogus',
+    'an array not containing the event or *': ['not-bogus']
+  }
+  const acceptable = Object.keys(acceptableEvents)
+  const unacceptable = Object.keys(unacceptableEvents)
+  const acceptableTests = acceptable.map((events) => {
+    return acceptableReq.bind(null, events)
+  })
+  const unacceptableTests = unacceptable.map((events) => {
+    return unacceptableReq.bind(null, events)
+  })
+
+  t.plan(acceptable.length + unacceptable.length)
+  series(acceptableTests.concat(unacceptableTests))
+
+  function acceptableReq (events, callback) {
+    const h = handler({
+      path: '/some/url',
+      secret: 'bogus',
+      events: acceptableEvents[events]
+    })
+
+    h(mkReq('/some/url'), mkRes(), (err) => {
+      t.error(err)
+      t.fail(false, 'should not call')
+    })
+
+    setTimeout(() => {
+      t.ok(true, 'accepted because options.events was ' + events)
+      callback()
+    })
+  }
+
+  function unacceptableReq (events, callback) {
+    const h = handler({
+      path: '/some/url',
+      secret: 'bogus',
+      events: unacceptableEvents[events]
+    })
+
+    h.on('error', () => {})
+
+    h(mkReq('/some/url'), mkRes(), (err) => {
+      t.ok(err, 'rejected because options.events was ' + events)
+      callback()
+    })
+  }
+})
 
 // because we don't inherit in a traditional way
-test('handler is an EventEmitter', function (t) {
+test('handler is an EventEmitter', (t) => {
   t.plan(5)
 
-  var h = handler({ path: '/', secret: 'bogus' })
+  const h = handler({ path: '/', secret: 'bogus' })
 
   t.equal(typeof h.on, 'function', 'has h.on()')
   t.equal(typeof h.emit, 'function', 'has h.emit()')
   t.equal(typeof h.removeListener, 'function', 'has h.removeListener()')
 
-  h.on('ping', function (pong) {
+  h.on('ping', (pong) => {
     t.equal(pong, 'pong', 'got event')
   })
 
@@ -115,85 +206,110 @@ test('handler is an EventEmitter', function (t) {
   t.throws(h.emit.bind(h, 'error', new Error('threw an error')), /threw an error/, 'acts like an EE')
 })
 
-
-test('handler accepts a signed blob', function (t) {
+test('handler accepts a signed blob', (t) => {
   t.plan(4)
 
-  var obj  = { some: 'github', object: 'with', properties: true }
-    , json = JSON.stringify(obj)
-    , h    = handler({ path: '/', secret: 'bogus' })
-    , req  = mkReq('/')
-    , res  = mkRes()
+  const obj = { some: 'github', object: 'with', properties: true }
+  const json = JSON.stringify(obj)
+  const h = handler({ path: '/', secret: 'bogus' })
+  const req = mkReq('/')
+  const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
-  req.headers['x-github-event']  = 'push'
+  req.headers['x-github-event'] = 'push'
 
-  h.on('push', function (event) {
-    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined })
+  h.on('push', (event) => {
+    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
     t.equal(res.$statusCode, 200, 'correct status code')
     t.deepEqual(res.$headers, { 'content-type': 'application/json' })
     t.equal(res.$end, '{"ok":true}', 'got correct content')
   })
 
-  h(req, res, function (err) {
+  h(req, res, (err) => {
     t.error(err)
     t.fail(true, 'should not get here!')
   })
 
-  process.nextTick(function () {
+  process.nextTick(() => {
     req.end(json)
   })
 })
 
+test('handler accepts multi blob in Array', (t) => {
+  t.plan(4)
+
+  const obj = { some: 'github', object: 'with', properties: true }
+  const json = JSON.stringify(obj)
+  const h = handler([{ path: '/', secret: 'bogus' }, { path: '/some/url', secret: 'bogus' }])
+  const req = mkReq('/some/url')
+  const res = mkRes()
+  req.headers['x-hub-signature'] = signBlob('bogus', json)
+  req.headers['x-github-event'] = 'push'
+
+  h.on('push', (event) => {
+    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/some/url', host: undefined, protocol: undefined, path: '/some/url' })
+    t.equal(res.$statusCode, 200, 'correct status code')
+    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
+    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  })
+
+  h(req, res, (err) => {
+    t.error(err)
+    t.fail(true, 'should not get here!')
+  })
 
-test('handler accepts a signed blob with alt event', function (t) {
+  process.nextTick(() => {
+    req.end(json)
+  })
+})
+
+test('handler accepts a signed blob with alt event', (t) => {
   t.plan(4)
 
-  var obj  = { some: 'github', object: 'with', properties: true }
-    , json = JSON.stringify(obj)
-    , h    = handler({ path: '/', secret: 'bogus' })
-    , req  = mkReq('/')
-    , res  = mkRes()
+  const obj = { some: 'github', object: 'with', properties: true }
+  const json = JSON.stringify(obj)
+  const h = handler({ path: '/', secret: 'bogus' })
+  const req = mkReq('/')
+  const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
-  req.headers['x-github-event']  = 'issue'
+  req.headers['x-github-event'] = 'issue'
 
-  h.on('push', function (event) {
+  h.on('push', (event) => {
     t.fail(true, 'should not get here!')
   })
 
-  h.on('issue', function (event) {
-    t.deepEqual(event, { event: 'issue', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined })
+  h.on('issue', (event) => {
+    t.deepEqual(event, { event: 'issue', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
     t.equal(res.$statusCode, 200, 'correct status code')
     t.deepEqual(res.$headers, { 'content-type': 'application/json' })
     t.equal(res.$end, '{"ok":true}', 'got correct content')
   })
 
-  h(req, res, function (err) {
+  h(req, res, (err) => {
     t.error(err)
     t.fail(true, 'should not get here!')
   })
 
-  process.nextTick(function () {
+  process.nextTick(() => {
     req.end(json)
   })
 })
 
-
-test('handler rejects a badly signed blob', function (t) {
+test('handler rejects a badly signed blob', (t) => {
   t.plan(6)
 
-  var obj  = { some: 'github', object: 'with', properties: true }
-    , json = JSON.stringify(obj)
-    , h    = handler({ path: '/', secret: 'bogus' })
-    , req  = mkReq('/')
-    , res  = mkRes()
+  const obj = { some: 'github', object: 'with', properties: true }
+  const json = JSON.stringify(obj)
+  const h = handler({ path: '/', secret: 'bogus' })
+  const req = mkReq('/')
+  const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   // break signage by a tiny bit
   req.headers['x-hub-signature'] = '0' + req.headers['x-hub-signature'].substring(1)
 
-  h.on('error', function (err, _req) {
+  h.on('error', (err, _req) => {
     t.ok(err, 'got an error')
     t.strictEqual(_req, req, 'was given original request object')
     t.equal(res.$statusCode, 400, 'correct status code')
@@ -201,56 +317,54 @@ test('handler rejects a badly signed blob', function (t) {
     t.equal(res.$end, '{"error":"X-Hub-Signature does not match blob signature"}', 'got correct content')
   })
 
-  h.on('push', function (event) {
+  h.on('push', (event) => {
     t.fail(true, 'should not get here!')
   })
 
-  h(req, res, function (err) {
+  h(req, res, (err) => {
     t.ok(err, 'got error on callback')
   })
 
-  process.nextTick(function () {
+  process.nextTick(() => {
     req.end(json)
   })
 })
 
-test('handler responds on a bl error', function (t) {
+test('handler responds on a bl error', (t) => {
   t.plan(4)
 
-  var obj  = { some: 'github', object: 'with', properties: true }
-    , json = JSON.stringify(obj)
-    , h    = handler({ path: '/', secret: 'bogus' })
-    , req  = mkReq('/')
-    , res  = mkRes()
+  const obj = { some: 'github', object: 'with', properties: true }
+  const json = JSON.stringify(obj)
+  const h = handler({ path: '/', secret: 'bogus' })
+  const req = mkReq('/')
+  const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
-  req.headers['x-github-event']  = 'issue'
+  req.headers['x-github-event'] = 'issue'
 
-  h.on('push', function (event) {
+  h.on('push', (event) => {
     t.fail(true, 'should not get here!')
   })
 
-  h.on('issue', function (event) {
+  h.on('issue', (event) => {
     t.fail(true, 'should never get here!')
   })
 
-  h.on('error', function(err) {
+  h.on('error', (err) => {
     t.ok(err, 'got an error')
     t.equal(res.$statusCode, 400, 'correct status code')
-  });
+  })
 
-  h(req, res, function (err) {
+  h(req, res, (err) => {
     t.ok(err)
   })
 
-  var end = res.end
-  res.end = function () {
+  res.end = () => {
     t.equal(res.$statusCode, 400, 'correct status code')
   }
 
   req.write('{')
-  process.nextTick(function() {
+  process.nextTick(() => {
     req.emit('error', new Error('simulated explosion'))
-  });
-
+  })
 })

package/.jshintrc

@@ -1,59 +0,0 @@
-{
-    "predef": [ ]
-  , "bitwise": false
-  , "camelcase": false
-  , "curly": false
-  , "eqeqeq": false
-  , "forin": false
-  , "immed": false
-  , "latedef": false
-  , "noarg": true
-  , "noempty": true
-  , "nonew": true
-  , "plusplus": false
-  , "quotmark": true
-  , "regexp": false
-  , "undef": true
-  , "unused": true
-  , "strict": false
-  , "trailing": true
-  , "maxlen": 120
-  , "asi": true
-  , "boss": true
-  , "debug": true
-  , "eqnull": true
-  , "esnext": true
-  , "evil": true
-  , "expr": true
-  , "funcscope": false
-  , "globalstrict": false
-  , "iterator": false
-  , "lastsemic": true
-  , "laxbreak": true
-  , "laxcomma": true
-  , "loopfunc": true
-  , "multistr": false
-  , "onecase": false
-  , "proto": false
-  , "regexdash": false
-  , "scripturl": true
-  , "smarttabs": false
-  , "shadow": false
-  , "sub": true
-  , "supernew": false
-  , "validthis": true
-  , "browser": true
-  , "couch": false
-  , "devel": false
-  , "dojo": false
-  , "mootools": false
-  , "node": true
-  , "nonstandard": true
-  , "prototypejs": false
-  , "rhino": false
-  , "worker": true
-  , "wsh": false
-  , "nomen": false
-  , "onevar": false
-  , "passfail": false
-}

package/.npmignore

@@ -1 +0,0 @@
-node_modules