Skip to content

Interhyp/caddy-module-github-like-webhook-validation-payload

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
renovate.json
renovate.json
 
 

Repository files navigation

Caddy GitHub Webhook Payload Validation Module

This Caddy handler module validates all GitHub-Like webhook payloads by using a shared secret. It ensures that the incoming webhooks are legitimate and come from GitHub or for example Spacelift, thereby enhancing security for your application.

Directive

The directive for this module is validate_github_webhook_payload.

Features

  • Validates GitHub webhook payloads.
  • Validates Spacelift webhook payloads.
  • Uses a shared secret to ensure the request integrity.
  • Compatible with Caddy v2.

Installation

To use this module, you will need to build Caddy with the module included. Here's how you can do it:

  1. Install xcaddy:

    $ go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

  2. Build Caddy with the validate_github_like_webhook_payload module:

    $ xcaddy build --with github.com/Interhyp/validate_github_like_webhook_payload

Configuration

To configure the validate_github_like_webhook_payload directive in your Caddyfile, provide the secret that you will use to validate the webhook payload.

Caddyfile Example

{
    # Global options block
}

:80

validate_github_like_webhook_payload <your_secret_here> <signature_header_field_name_here>

route {
    # Your other directives
    reverse_proxy http://localhost:8080
}

Replace <your_secret_here> with the actual secret that you have configured in your GitHub webhook settings. Replace <signature_header_field_name_here> with the actual name of header transporting signature of webhook payload. It's X-Signature-256 for Spacelift or X-Hub-Signature-256 for Github for example.

Usage

  1. Generate a Secret: Generate a secret, which will be used to sign the payload. You can use any method to generate a secure random string.

  2. Setup GitHub Webhook: In your GitHub repository settings, add a new webhook and set the secret to the one you generated. The webhook URL should point to the endpoint managed by your Caddy server.

  3. Run Caddy: Start Caddy with your configured Caddyfile. The server will now validate incoming webhook requests using the provided secret.

Example

Given the following configuration:

  • Webhook URL: http://yourdomain.com/webhook
  • Secret: my_super_secret

The Caddyfile would be:

{
    # Global options block
}

:80

validate_github_like_webhook_payload my_super_secret X-Hub-Signature-256

route {
    handle_path /webhook {
        # Your webhook handler directives
        reverse_proxy http://localhost:8080
    }
}

In this example, Caddy will verify the incoming webhook payloads sent to /webhook using the secret my_super_secret and containg signature inside of X-Hub-Signature-256 header field.

Contribution

Contributions are welcome! Please feel free to submit a pull request or open an issue.

License

This project is licensed under the MIT License. See the LICENSE file for more details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.0.2 Latest
Nov 27, 2024
+ 2 releases

Packages

No packages published

Languages

  • Go 100.0%