Protect your webhooks with Laravel Shield

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:

<?php

namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
{
    public function verify(Request $request): bool
    {
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config('shield.services.github.token'));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));
    }

    public function headers(): array
    {
        return ['X-Hub-Signature'];
    }
}

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at laravel-shield.com.


Filed in: Laravel Packages / webhooks


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Quality Assurance Engineer
Remote
Bisnow Media
Senior PHP/Laravel Developer: Your Dream Work Environment
Remote
iPhone Photography School
Senior Software Engineer
Remote or San Francisco
Curology
Laravel Developer
Las Vegas, NV
V Shred
R&D Developer
Denver, CO
booj
Full-Stack Developer
Paris, France
Wingly
Full Stack Developer
Remote US-Only
atlasMind