Protect your webhooks with Laravel Shield

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:

<?php

namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
{
    public function verify(Request $request): bool
    {
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config('shield.services.github.token'));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));
    }

    public function headers(): array
    {
        return ['X-Hub-Signature'];
    }
}

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at laravel-shield.com.

Filed in: Laravel Packages / webhooks
Laravel News Partners

Laravel Jobs

Backend Software Engineer (PHP Developer)
Austin TX, Bonita Springs FL
Certified eSupport Corp
Laravel Developer
Glendale, CA (COVID Remote)
Jogg, Inc
Senior PHP Engineer
Remote, USA Only
Kittyhawk
Full-Stack Engineer (Mid to Senior)
Remote (EST, CST)
Voxie
Senior Laravel Developer (AI Applications)
Remote from anywhere in the UK or from our London office
GreenShoot Labs

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.