Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.
Once installed you can use it by using the middleware in your routes file. For example:
Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');Any requests to the route will now run through the Shield GitHub service which runs the following checks:
<?php namespace Clarkeash\Shield\Services; use Illuminate\Http\Request; class GitHub extends BaseService{ public function verify(Request $request): bool { $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config('shield.services.github.token')); return hash_equals($generated, $this->header($request, 'X-Hub-Signature')); } public function headers(): array { return ['X-Hub-Signature']; }}Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.
Update 10/23/2017
The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at laravel-shield.com.
Filed in:
