Skip to content

Instantly share code, notes, and snippets.

@auggernaut
Created September 10, 2013 22:16
Show Gist options
  • Save auggernaut/6516542 to your computer and use it in GitHub Desktop.
Save auggernaut/6516542 to your computer and use it in GitHub Desktop.
Login, Register, or FBConnect view
<div id="loginRegister">
<div id="login">
<h1>Login</h1>
<input type="text" value="" name="email" class="input-block-level" id="login-email"
placeholder="email" required>
<input type="password" value="" name="password" class="input-block-level" id="signin-password"
placeholder="password" required>
<input type="submit" value="Sign In" name="subscribe" id="login-submit"
class="btn btn-large">
<div id="login-message" class="hide center"></div>
</div>
<div id="register">
<h1>Register</h1>
<input type="text" value="" name="email" class="input-block-level" id="email"
placeholder="email" required>
<input type="password" value="" name="password" class="input-block-level" id="reg-password"
placeholder="password" required>
<input type="submit" value="Register" name="subscribe" id="new-register"
class="btn btn-large">
<div id="register-message" class="hide center"></div>
</div>
<div id="fbconnect">
<h3>Or</h3>
<img src="/img/fb_button.png" alt="FBConnect"/>
</div>
</div>
@sageone
Copy link

sageone commented May 3, 2015

Simple GitHub Webhook Listener

express = require 'express'
bodyParser = require 'body-parser'
crypto = require 'crypto'
bufPack = require 'bufferpack'

app = express()

PORT = process.argv[2] or process.env.PORT or 8081
AUTH_SECRET = process.argv[3] or process.env.SECRET_TOKEN or 'test'

Process Hook

hooks = (ghEvent, data) ->
console.log 'TODO: Process Event:', ghEvent, data

Sign a payload

getSignature = (payload) ->
hmac = crypto.createHmac 'sha1', AUTH_SECRET
hmac.update payload
return 'sha1=' + hmac.digest('hex')

Constant-Time Comparison Function (to avoid timing attacks)

secureCompare = (a, b) ->
bufA = new Buffer a
bufB = new Buffer b

return false if a is '' or b is '' or bufA.length isnt bufB.length

result = 0
l = bufPack.unpack bufA.length + 'B', bufA
result |= byte ^ l.shift() for byte in bufB

return (result is 0)

JSON Parsing & Authentication Middleware

app.use bodyParser.json
verify: (req, res, buf) ->
signature = req.headers['x-hub-signature']
if not secureCompare (getSignature buf), signature
res.status 401
res.send 'FAIL: Unauthorized'
throw {'message': 'Unauthorized'}

GitHub webhook request handler

app.post '/webhook', (req, res) ->
res.send 'OK\n'
hooks req.headers['x-github-event'], req.body

Start the Server

app.listen PORT, -> console.log 'listening on *:' + PORT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment