hmacsig

HMAC Signature Validation Middleware (like GitHub Webhooks Uses)

Supports SHA-1 validation via hmacsig.Handler and SHA-256 validation via hmacsig.Handler256

GitHub now recommends SHA-256 over SHA-1 - read more:

https://docs.github.com/en/free-pro-team@latest/developers/webhooks-and-events/securing-your-webhooks

Example

package main

import (
	"log"
	"net/http"

	"github.com/donatj/hmacsig"
)

func main() {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("success"))
	})

	s := hmacsig.Handler256(h, "supersecret")

	err := http.ListenAndServe(":8080", s)
	if err != nil {
		log.Fatal(err)
	}
}