@hackage servant-github-webhook0.4.2.0

Servant combinators to facilitate writing GitHub webhooks.

Categories
- Web Development
License
MIT
Maintainer
servant-github-webhook@mail.jerrington.me
Links
Versions
- 0.4.2.0 Wed, 21 Aug 2019
- 0.4.1.0 Sat, 7 Apr 2018
- 0.4.0.0 Sat, 3 Feb 2018
- 0.3.2.1 Wed, 27 Dec 2017
- 0.3.2.0 Mon, 25 Dec 2017
- 0.3.1.0 Sun, 6 Aug 2017

servant-github-webhook

This library facilitates writing Servant routes that can safely act as GitHub webhooks.

Features:

Dispatching to routes based on the type of repository event.
Automatic verification of request signatures.
Route protection expressed in the type system, so webhook routes and regular routes cannot be confused.

Why use servant-github-webhook?

A webhook server needs to be publicly hosted. How can legitimate requests sent by GitHub be distinguished from (malicious) requests sent by other clients?

When a webhook is configured on a repository, a secret key is added. This key is used by GitHub to compute a signature of the request body that it sends; this signature is included in the request headers. The routing combinators in servant-github-webhook compute the signature of the received request body using the same key, and check that the signature in the request headers matches. If it does, then the request is legitimate.

Installation
In your cabal file:
Tested Compilers
- 8.6.5
Dependencies (16)
- base >=4 && <5
- bytestring >=0.10
- text >=1.2
- transformers
- aeson >=0.11
- base16-bytestring >=0.1
Dependents (1)
@hackage/acme-everything

@hackage servant-github-webhook0.4.2.0

Categories

License

Maintainer

Links

Versions

servant-github-webhook

Why use servant-github-webhook?

Installation

Tested Compilers

Dependencies (16)

Dependents (1)