1import { sign, verify } from '@octokit/webhooks-methods'
2import { describe, expect, it } from 'vitest'
3
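/**
 * Contract tests for the webhook signature helpers `sign` and `verify`.
 *
 * Every case uses the same fixed secret and JSON payload. The suite pins that
 * `verify` resolves to true only when the secret, the exact payload string and
 * the signature all match, and resolves to false otherwise.
 */
describe('github webhook signature verification', () => {
  const secret = 'test-webhook-secret'
  const payload = JSON.stringify({ action: 'created', installation: { id: 1 } })

  it('accepts a valid signature', async () => {
    const signature = await sign(secret, payload)
    const accepted = await verify(secret, payload, signature)
    expect(accepted).toBe(true)
  })

  it('rejects a tampered payload', async () => {
    const signature = await sign(secret, payload)
    // Same length as the original payload, so only the content differs.
    const tampered = payload.replace('"created"', '"deleted"')
    const accepted = await verify(secret, tampered, signature)
    expect(accepted).toBe(false)
  })

  it('rejects a wrong secret', async () => {
    const signature = await sign(secret, payload)
    const accepted = await verify('not-the-secret', payload, signature)
    expect(accepted).toBe(false)
  })

  it('rejects a malformed signature', async () => {
    // Wrong shape: the value after the prefix is not a hex digest.
    const accepted = await verify(secret, payload, 'sha256=garbage')
    expect(accepted).toBe(false)
  })

  it('rejects a well-formed signature with the wrong digest', async () => {
    // Right prefix and right length (64 hex characters for SHA-256), wrong
    // value. This covers the digest comparison itself, which a shape or length
    // check alone would not reach.
    const wrongDigest = `sha256=${'0'.repeat(64)}`
    const accepted = await verify(secret, payload, wrongDigest)
    expect(accepted).toBe(false)
  })

  it('rejects a re-serialized payload', async () => {
    // The signature covers the exact characters that were signed. Parsing the
    // body and stringifying it again with different whitespace must fail, so a
    // receiver has to verify the raw request body before any JSON parsing.
    // NOTE(review): the webhook handler is not visible in this file; confirm
    // it passes the unparsed body to verify().
    const signature = await sign(secret, payload)
    const reserialized = JSON.stringify(JSON.parse(payload), null, 2)
    expect(reserialized).not.toBe(payload)
    const accepted = await verify(secret, reserialized, signature)
    expect(accepted).toBe(false)
  })
})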