@octokit/webhooks - npm Package Compare versions

Comparing version 1.0.0 to 2.0.0

test/integration/event-handler-test.js

6

event-handler/index.js
module.exports = createEventHandler
const on = require('./on')
const receive = require('./receive')
const removeListener = require('./remove-listener')
const receive = require('./receive')
const sign = require('../sign')
const verify = require('../verify')

@@ -18,2 +20,4 @@ function createEventHandler (options) {

return {
sign: sign.bind(null, state.secret),
verify: verify.bind(null, state.secret),
on: on.bind(null, state),

@@ -20,0 +24,0 @@ removeListener: removeListener.bind(null, state),
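Review bot: The returned object now exposes `sign` pre-bound to `state.secret` (the `sign:` line), which means anything holding a reference to the event handler can mint valid signatures for arbitrary payloads, not merely check them. That is presumably meant for tests and local tooling, but nothing in the hunk says so, and since this same diff strips signature checking out of `receive()` the split of responsibility deserves a comment. I would add above `sign:` the line `// sign/verify are bound to the webhook secret: sign is for tests and tooling; request handlers must call verify() before receive(), which no longer verifies.` createEventHandler begins before this hunk, so I cannot see whether `state.secret` is checked for presence when state is built.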

13

event-handler/README.md

@@ -5,2 +5,4 @@ # event-handler

🚨 Make sure to _always_ verify that the event request is coming from GitHub itself using the `eventHandler.verify(data, signature)` method.
## Example

@@ -14,6 +16,9 @@

// put this inside your webhooks route handler
if (!eventHandler.verify(options.data, request.headers['x-github-signature'])) {
throw new Error('Signature does not match event payload & secret')
}
eventHandler.reiceive({
name: request.headers['X-GitHub-Event'],
data: request.body,
signature: request.headers['X-Hub-Signature']
name: request.headers['x-github-event'],
data: request.body
}).catch(handleErrorsFromHooks)

@@ -24,4 +29,4 @@ ```

The `event-handler` API implements [`.reiceive()`](../#webhooksreceive), [`.on()`](../#webhookson) and [`.removeListener()`](../#webhooksremovelistener).
The `event-handler` API implements [`.sign()`](../#webhookssign), [`.verify()`](../#webhooksverify), [`.reiceive()`](../#webhooksreceive), [`.on()`](../#webhookson) and [`.removeListener()`](../#webhooksremovelistener).
Back to [@octokit/webhooks README](..).

@@ -5,3 +5,2 @@ 'use strict'

const verify = require('../verify')
const wrapErrorHandler = require('./wrap-error-handler')

@@ -27,19 +26,2 @@

if (!options.signature) {
throw new Error('Event signature not passed')
}
const matchesSignature = verify(
state.secret,
options.data,
options.signature
)
if (!matchesSignature) {
const error = new Error('Signature does not match')
error.status = 400
return Promise.reject(error)
}
let hooks = [].concat(

@@ -46,0 +28,0 @@ state.hooks[`${options.name}.${options.data.action}`],
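Review bot: With the signature block removed, `receive()` dispatches whatever payload it is handed, so any caller other than the HTTP middleware that relied on it rejecting unsigned or mis-signed events silently loses that protection, and the explicit 'Event signature not passed' guard has no visible replacement in this function. The new contract is not stated anywhere in the hunk; I would add at the top of the function `// receive() does NOT verify the payload signature. Callers must run verify(secret, data, signature) first; the HTTP middleware does this before delegating here.` The only code in this diff that takes over the check is the middleware's verify call, so `receive()` should be treated as a trusted-input entry point. The enclosing function starts before this hunk.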

@@ -6,5 +6,2 @@ module.exports = createWebhooksApi

const sign = require('./sign')
const verify = require('./verify')
function createWebhooksApi (options) {

@@ -23,4 +20,4 @@ if (!options) {

return {
sign: sign.bind(null, options.secret),
verify: verify.bind(null, options.secret),
sign: state.eventHandler.sign,
verify: state.eventHandler.verify,
on: state.eventHandler.on,

@@ -27,0 +24,0 @@ removeListener: state.eventHandler.removeListener,

@@ -52,2 +52,13 @@ module.exports = middleware

const matchesSignature = state.eventHandler.verify(
payload,
signature
)
if (!matchesSignature) {
response.statusCode = 400
response.end('x-hub-signature does not match event payload and secret')
return
}
state.eventHandler.receive({

@@ -54,0 +65,0 @@ id: id,
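Review bot: The middleware only tests the boolean result of `verify(payload, signature)` (the `matchesSignature` lines); there is no visible guard for an absent `x-hub-signature` header, whereas the code removed from `receive()` in this same diff rejected a missing signature explicitly. Unless `verify` is known to return false for `undefined` (its implementation is outside this diff), a request without the header would throw inside the request handler or otherwise depend on how `verify` treats a missing value, and the new 'no signature' test would not get its 400; I would change the condition to `if (!signature || !matchesSignature) {` and the body to `response.end('x-hub-signature header missing or does not match event payload and secret')`. Because the comparison itself is delegated to `verify`, it is also worth confirming that it uses `crypto.timingSafeEqual` on equal-length buffers rather than `===`. The README example in this diff reads `request.headers['x-github-signature']`, which does not match the `x-hub-signature` header this middleware reports on and which the removed example line used (GitHub sends X-Hub-Signature), so the two should be reconciled. The middleware function and the line that reads `signature` are outside this hunk.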

@@ -1,1 +0,1 @@

{"name":"@octokit/webhooks","version":"1.0.0","publishConfig":{"access":"public"},"description":"GitHub webhook events toolset for Node.js","main":"index.js","directories":{"lib":"lib","test":"test"},"dependencies":{},"devDependencies":{"axios":"^0.17.1","coveralls":"^3.0.0","debug":"^3.1.0","get-port":"^3.2.0","pify":"^3.0.0","semantic-release":"^9.1.1","simple-mock":"^0.8.0","standard":"^10.0.3","tap":"^10.7.3"},"scripts":{"coverage":"tap --coverage-report=html && open coverage/lcov-report/index.html","coverage:upload":"tap --coverage-report=text-lcov | coveralls","pretest":"standard","test":"tap --100 --coverage 'test/**/*-test.js'","semantic-release":"semantic-release"},"repository":{"type":"git","url":"https://github.com/octokit/webhooks.js.git"},"keywords":[],"author":"Gregor Martynus (https://twitter.com/gr2m)","license":"MIT"}
{"name":"@octokit/webhooks","version":"2.0.0","publishConfig":{"access":"public"},"description":"GitHub webhook events toolset for Node.js","main":"index.js","directories":{"lib":"lib","test":"test"},"dependencies":{},"devDependencies":{"axios":"^0.17.1","coveralls":"^3.0.0","debug":"^3.1.0","get-port":"^3.2.0","pify":"^3.0.0","semantic-release":"^9.1.1","simple-mock":"^0.8.0","standard":"^10.0.3","tap":"^10.7.3"},"scripts":{"coverage":"tap --coverage-report=html && open coverage/lcov-report/index.html","coverage:upload":"tap --coverage-report=text-lcov | coveralls","pretest":"standard","test":"tap --100 --coverage 'test/**/*-test.js'","semantic-release":"semantic-release"},"repository":{"type":"git","url":"https://github.com/octokit/webhooks.js.git"},"keywords":[],"author":"Gregor Martynus (https://twitter.com/gr2m)","license":"MIT"}

@@ -156,3 +156,3 @@ # @octokit/webhooks

```js
webhooks.receive({name, data, signature})
webhooks.receive({name, data})
```

@@ -190,17 +190,2 @@

</tr>
<tr>
<td>
<code>
signature
</code>
<em>
String
</em>
</td>
<td>
<strong>Required</strong>.
Passed as <a href="https://developer.github.com/webhooks/#delivery-headers"><code>X-Hub-Signature</code> header</a>
in the webhook request.
</td>
</tr>
</table>

@@ -207,0 +192,0 @@

@@ -116,2 +116,32 @@ const http = require('http')

test('POST / with push event payload (no signature)', (t) => {
const api = new Webhooks({secret: 'mysecret'})
const server = http.createServer(api.middleware)
promisify(server.listen.bind(server))(this.port)
.then(() => {
return axios.post(`http://localhost:${this.port}`, pushEventPayload, {
headers: {
'X-GitHub-Delivery': '123e4567-e89b-12d3-a456-426655440000',
'X-GitHub-Event': 'push'
}
})
})
.then(() => {
t.fail('should return a 400')
})
.catch(error => {
t.is(error.response.status, 400)
})
.then(() => {
server.close(t.end)
})
.catch(t.error)
})
test('POST / with push event payload (invalid signature)', (t) => {
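Review bot: In the new 'no signature' test the rejection handler does `t.is(error.response.status, 400)` without first checking that `error.response` exists, so a connection-level failure surfaces as a TypeError inside the `.catch`, which rejects the chain, skips `server.close(t.end)` and leaves the listener open until the test times out. I would write `t.is(error.response && error.response.status, 400)` so the assertion fails cleanly and the server is still closed. It would also help to assert that the 400 body mentions `x-hub-signature`, so the test distinguishes a signature rejection from any other 400 the middleware might return. The test callback is complete within the hunk; the 'invalid signature' test that follows continues past it.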

@@ -118,0 +148,0 @@ const api = new Webhooks({secret: 'mysecret'})

@@ -30,8 +30,1 @@ const test = require('tap').test

})
test('options: id, name, data', t => {
t.throws(() => {
receive(state, {id: '123', name: 'foo', data: {}})
})
t.end()
})

