
Why does my Github secret fail (change on each event)?

I am trying to verify the Github webhook secret, but each time I trigger an event in Github, the value of req.headers['x-hub-signature'] changes, which doesn't make sense.

NodeJs: sha1=b57ad18e45f71ac069d15618f6ca547ed75bb2e9
Github: sha1=0b6ff08d557b240dbadedb2a0c1054ce69f2d93e    <----

NodeJs: sha1=b57ad18e45f71ac069d15618f6ca547ed75bb2e9
Github: sha1=15e3d5edae00951abb180e9eaea9a6278d8f8d0b    <----

Notice the secret that comes from Github is different each time!

I have found others that verify the secret, but I don't see how their code is different from mine.

Question

Can anyone figure out why I get different secrets from Github on each event? Or am I doing something wrong?

const express = require("express");
const bodyParser = require("body-parser");
const crypto = require('crypto');
const secret = "x";

const app = express();
const PORT = 8080;

app.use(bodyParser.json());

app.post("/", (req, res) => {

  let sig = "sha1=" + crypto.createHmac('sha1', secret).digest('hex');

  console.log('NodeJs: ' + sig);
  console.log('Github: ' + req.headers['x-hub-signature']);
    
  res.status(200).end();
});

app.listen(PORT, () => console.log(`Github webhook listening on port ${PORT}`));

req.headers['x-hub-signature'] is not a hash of the secret, but req.body signed with the secret. That is why it is different on each event.

const express = require("express");
const bodyParser = require("body-parser");
const crypto = require('crypto');
const secret = "x";

const app = express();
const PORT = 8080;

app.use(bodyParser.json());

function isSigOk(request, secret) {
    // calculate the signature
    const expectedSignature = "sha1=" +
        crypto.createHmac("sha1", secret)
            .update(JSON.stringify(request.body))
            .digest("hex");

    // compare the signature against the one in the request
    const signature = request.headers["x-hub-signature"];
    if (signature !== expectedSignature) {
        throw new Error("Invalid signature.");
    }
}

app.post("/", (req, res) => {
  // will throw an error if not ok
  isSigOk(req, secret);

  // Do stuff here

  res.status(200).end();
});

app.listen(PORT, () => console.log(`Github webhook listening on port ${PORT}`));
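
The answer's point, shown as an added example that is not part of the original answer: the header is an HMAC over the body bytes GitHub sent, so this check runs on the raw bytes, compares in constant time, and shows that a body re-serialized with JSON.stringify need not verify. The payload and the names `sign`, `verifySignature` and `demo` are constructed for illustration.

```javascript
const crypto = require("crypto");

// Value carried in X-Hub-Signature: "sha1=" + HMAC-SHA1(secret, raw body bytes).
function sign(rawBody, secret) {
  return "sha1=" + crypto.createHmac("sha1", secret).update(rawBody).digest("hex");
}

// Verify the header against the raw body. Returns a boolean instead of throwing,
// so the caller can answer with a 4xx status rather than an unhandled error.
function verifySignature(rawBody, header, secret) {
  if (typeof header !== "string") return false; // header missing
  const expected = Buffer.from(sign(rawBody, secret));
  const received = Buffer.from(header);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Constructed sample delivery (not a real GitHub payload): valid JSON whose
// spacing and \u escape differ from what JSON.stringify emits.
const SECRET = "x";
const rawBody = Buffer.from('{"action": "opened", "title": "caf\\u00e9"}');
const header = sign(rawBody, SECRET); // what the sender would attach

function demo() {
  // Re-serializing the parsed body yields {"action":"opened","title":"café"},
  // which is the same JSON value but a different byte sequence.
  const parsed = JSON.parse(rawBody.toString("utf8"));
  const reserialized = Buffer.from(JSON.stringify(parsed));
  return {
    rawOk: verifySignature(rawBody, header, SECRET),
    reserializedOk: verifySignature(reserialized, header, SECRET),
    wrongSecret: verifySignature(rawBody, header, "y"),
    missingHeader: verifySignature(rawBody, undefined, SECRET),
  };
}

console.log(demo());
```

In the Express app above, the raw bytes can be captured with body-parser's `verify` option, for example `bodyParser.json({ verify: (req, res, buf) => { req.rawBody = buf; } })`, where `rawBody` is a property name chosen here.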
