onixbyte/delta-force-guide-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: implement GitHub webhook HMAC-SHA256 signature verification

Browse Source 
Verify X-Hub-Signature-256 header using CryptoUtil.hmacSha256 from
onixbyte crypto-toolbox. Signature check is skipped when no secret is
configured. Uses MessageDigest.isEqual for constant-time comparison.
This commit is contained in:
Siu Jam Oh
2026-06-01 15:29:32 +08:00
parent 12469f1b27
commit 8c8ca58b74
3 changed files with 87 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
build.gradle.kts
+1
View File
@@ -36,6 +36,7 @@ dependencies {
implementation(libs.onixbyte.identityGenerator)
implementation(libs.onixbyte.captcha)
implementation(libs.onixbyte.regions)
implementation(libs.onixbyte.cryptoToolbox)
implementation(libs.jwt.core)
implementation(libs.spring.boot.configurationProcessor)
implementation(libs.spring.boot.actuator)