test(worker): verifyGitHubSignature HMAC unit tests (patch)#228
Merged
liplus-lin-lay merged 1 commit intoJun 21, 2026
Merged
Conversation
Move the module-private verifyGitHubSignature out of worker/src/index.ts into a new worker/src/signature.ts (exported verbatim, behavior unchanged) and replace the inline definition with an import. index.ts pulls the full agent / oauth / store graph, so importing the function directly was infeasible for a lightweight unit test; extracting it isolates the pure HMAC-SHA256 logic. Add worker/test/signature.test.ts (tsx --test, node:crypto as an independent signature oracle): valid signature, tampered body, wrong secret, and malformed signature formats (empty / no sha256= prefix / wrong-length hex) all asserted. 署名検証は trust boundary(送信元が本物の GitHub であることと本文改竄なしを 同時保証する)であり subtractive の明示保護領域のためテスト価値が高い。 挙動は不変で、関数を移動して import に差し替えただけ。 Refs #227
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
github-webhook-mcp | 72bf112 | Jun 21 2026, 05:14 AM |
liplus-lin-lay
commented
Jun 21, 2026
liplus-lin-lay
left a comment
liplus-lin-lay
left a comment
Member
Author
There was a problem hiding this comment.
AI self-review (auto mode)
実差分・テスト本体・CI を確認(subagent 報告の裏取り込み)。
コード(挙動不変の検証)
signature.ts:verifyGitHubSignatureをバイト単位で移動+export。crypto ロジック・expected === signature比較とも一切変更なし。trust boundary を説明するコメント追加。index.ts: inline 定義を削除しimport { verifyGitHubSignature } from "./signature.js";を追加。call site(env.GITHUB_WEBHOOK_SECRET, body, sig)は不変。- → 関数の移動のみ。ユーザー/システム観測可能なランタイム変更なし。
テスト
signature.test.ts: 期待署名をnode:cryptoのcreateHmacで独立生成(被験関数で生成しない=自己検証回避)。- 6ケース: 正常署名→true / 本文改竄→false / 別secret→false / 空文字→false /
sha256=prefix 無し→false / 長さ違い hex→false。 - 既存
test/*.test.tsの様式(node:test+node:assert/strict)に追従。tsx --test glob が自動で拾う。
分類
- patch 妥当。
CI
- CI / test / Workers Builds 3本 pass。ローカル
npm test= tsx 53 + vitest 25 = 78本 green、tsc は本変更起因の新規エラーなし(agent.ts の2件は baseline 既存)。
→ approve 相当。squash merge へ。
liplus-lin-lay
deleted the
227-testworker-verifygithubsignature-hmac-verification-tests
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #227
概要
webhook 受け口の HMAC-SHA256 署名検証
verifyGitHubSignatureをテストでカバーする。index.tsの module-private 関数をworker/src/signature.tsに抽出(export付き・挙動は不変)し、index.tsは import に差し替えた。index.tsは agent / oauth / store のフルグラフを import するため関数を直接 import できず、純 HMAC ロジックを切り出すことで軽量 unit test に載せられるようにした。影響スコープ
patch(挙動不変)。署名検証ロジックはバイト単位でそのまま移動しただけで、呼び出し側(
const valid = await verifyGitHubSignature(...))も変更なし。ユーザー/システム観測可能なランタイム変更はない。変更ファイル
worker/src/signature.tsverifyGitHubSignatureを verbatim 抽出+export。trust boundary を説明する先頭コメント追加worker/src/index.tsimport { verifyGitHubSignature } from "./signature.js";に差し替えworker/test/signature.test.tstsx --test純 unit test。期待署名はnode:cryptoのcreateHmacで独立生成(被テスト関数を使わない oracle)テスト内容
truefalsefalsesha256=prefix 無し / 長さ違いの hex)→ すべてfalse確認
npm test(tsx --test test/*.test.ts && vitest run)全 pass。npx tsc --noEmit: 抽出したsignature.tsとindex.tsの import 差し替えは型エラーなし。src/agent.tsの既存エラー2件(MCP SDK の型重複・本 PR と無関係)は変更前から存在し、本変更では増減なし。