github-webhook-handler
X-Hub-Signature does not match blob signature
Using my own function works, but it crashes with github-webhook-handler:
```js
const crypto = require('crypto');

const createComparisonSignature = (body) => {
  // Hashes the re-serialized body, so the result only matches when
  // JSON.stringify reproduces the exact bytes GitHub signed.
  const hmac = crypto.createHmac('sha1', process.env.GITHUB_SECRET);
  const self_signature = hmac.update(JSON.stringify(body)).digest('hex');
  return `sha1=${self_signature}`; // shape in GitHub header
}

const compareSignatures = (signature, comparison_signature) => {
  if (typeof signature !== 'string') return false; // header missing
  const source = Buffer.from(signature);
  const comparison = Buffer.from(comparison_signature);
  // timingSafeEqual throws on unequal lengths, so check them first
  if (source.length !== comparison.length) return false;
  return crypto.timingSafeEqual(source, comparison); // constant time comparison
}

// Express-style middleware wrapping the check
const verifyGithubSignature = (req, res, next) => {
  const { headers, body } = req;
  const signature = headers['x-hub-signature'];
  const comparison_signature = createComparisonSignature(body);
  if (!compareSignatures(signature, comparison_signature)) {
    return res.status(401).send('Mismatched signatures');
  }
  console.log("signature match");
  const { action, ...payload } = body;
  req.event_type = headers['x-github-event']; // one of: https://developer.github.com/v3/activity/events/types/
  req.action = action;
  req.payload = payload;
  return next(); // call next() exactly once
}
```
Please let me know if there is any solution.
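An added example, not part of the original post and not code from github-webhook-handler: it verifies `X-Hub-Signature` over the raw request bytes and shows, on constructed payloads, a case where hashing `JSON.stringify` of the parsed body stops matching. The helper names, the secret and both payloads are assumptions made up for the illustration.

```javascript
const crypto = require('crypto');

// Header value a sender would compute for these exact bytes.
const sign = (secret, bytes) =>
  'sha1=' + crypto.createHmac('sha1', secret).update(bytes).digest('hex');

// Verify the header against the raw body (a Buffer), never the parsed object.
// Returns false instead of throwing on a missing or wrong-length header.
const verifyRawBody = (secret, rawBody, header) => {
  if (typeof header !== 'string') return false;
  const expected = Buffer.from(sign(secret, rawBody));
  const received = Buffer.from(header);
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
};

// Same check over JSON.stringify(parsedBody), the approach in the post above.
const verifyReserialized = (secret, parsedBody, header) =>
  verifyRawBody(secret, Buffer.from(JSON.stringify(parsedBody)), header);

// Constructed sample data (hypothetical secret and payloads).
const SECRET = 'example-secret';
// Compact JSON: parse + stringify reproduces the same bytes.
const compactRaw = Buffer.from('{"action":"opened","number":1}');
// Contains a \u00e9 escape: parse + stringify emits a literal "é" instead.
const escapedRaw = Buffer.from('{"action":"opened","title":"caf\\u00e9"}');

// Sign the raw bytes as the sender would, then verify both ways.
const demo = (raw) => {
  const header = sign(SECRET, raw);
  const parsed = JSON.parse(raw.toString('utf8')); // what a JSON body parser hands the app
  return {
    raw: verifyRawBody(SECRET, raw, header),
    reserialized: verifyReserialized(SECRET, parsed, header),
  };
};

console.log('compact payload:', demo(compactRaw));
console.log('escaped payload:', demo(escapedRaw));
```

In an Express-style app, one place to capture the raw buffer is the `verify` callback of the JSON body parser, which receives the bytes before they are parsed.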
I have the same issue too. But the project seems to be obsolete, because the issue has existed for a long time and there has been no response from the maintaining team.
I have forked a repository, git-webhook-handler, and I am using it. You can try it.