Skip to content
/ hmacsig Public

HMAC Signature Validation Middleware (e.g. for GitHub Webhooks)

License

Notifications You must be signed in to change notification settings

donatj/hmacsig

Folders and files

NameName
Last commit message
Last commit date

Latest commit

26a713f · Jul 28, 2024

History

51 Commits
Jul 28, 2024
Dec 29, 2020
Jul 20, 2018
Dec 29, 2020
Jul 28, 2024
Jul 28, 2024
Jul 28, 2024

Repository files navigation

hmacsig

GoDoc Go Report Card CI

HMAC Signature Validation Middleware (like GitHub Webhooks Uses)

Supports SHA-1 validation via hmacsig.Handler and SHA-256 validation via hmacsig.Handler256

GitHub now recommends SHA-256 over SHA-1 - read more:

https://docs.github.com/en/free-pro-team@latest/developers/webhooks-and-events/securing-your-webhooks

Example

package main

import (
	"log"
	"net/http"

	"github.com/donatj/hmacsig"
)

func main() {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("success"))
	})

	s := hmacsig.Handler256(h, "supersecret")

	err := http.ListenAndServe(":8080", s)
	if err != nil {
		log.Fatal(err)
	}
}