compwright / x-hub-signature
X-Hub-Signature webhook signing utility for PHP
Fund package maintenance!
compwright
Installs: 1 798
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.46
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.5
This package is auto-updated.
Last update: 2024-11-10 02:24:23 UTC
README
X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.
Care has been taken to avoid security issues, including timing attacks.
Getting Started
To install:
composer require compwright/x-hub-signature
Usage
Sign a buffer containing a request body:
<?php use Compwright\XHubSignature; use InvalidArgumentException; $signer = new XHubSignature\Sha256(); // Generate the signature header for an outbound webhook, i.e. // // X-Hub-Signature-256: sha256=... // $headerName = $signer->getHeaderName(); $headerValue = $signer->sign($requestBody, $secret); $signatureHeader = $headerName . ': ' . $headerValue; // Verify an inbound webhook $isValid = $signer->verify($signatureHeaderValue, $requestBody, $secret); if ($isValid === false) { throw new InvalidArgumentException('Bad Request'); }
License
MIT License