Protect your webhooks with Laravel Shield

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:

<?php

namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
{
    public function verify(Request $request): bool
    {
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config('shield.services.github.token'));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));
    }

    public function headers(): array
    {
        return ['X-Hub-Signature'];
    }
}

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at laravel-shield.com.


Filed in: Laravel Packages / webhooks


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior PHP/Laravel Developer: Your Dream Work Environment
Remote
iPhone Photography School
In-house Laravel Developer.
Gold Coast / Australia
MXstore
Laravel Developer
Oak Brook, IL
Tidal Commerce
Senior Backend Engineer
Santa Monica only
Saatchi Art
Senior Laravel Developer
San Francisco
Stitch Labs
Senior Software Developer
South Jordan, UT
Lendio
Full-Stack Developer
Paris, France
Wingly