Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.
Once installed you can use it by using the middleware in your routes file. For example:
Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');
Any requests to the route will now run through the Shield GitHub service which runs the following checks:
<?php
namespace Clarkeash\Shield\Services;
use Illuminate\Http\Request;
class GitHub extends BaseService
{
public function verify(Request $request): bool
{
$generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config('shield.services.github.token'));
return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));
}
public function headers(): array
{
return ['X-Hub-Signature'];
}
}
Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.
Update 10/23/2017
The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at laravel-shield.com.
0 comments:
Post a Comment
Thanks