Avatar

karfau

Joined August 11, 2023
Public vals
24
karfau avatar
aoc23_08
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
aoc23_07
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
aoc23_06
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
githubEmoji
@karfau
HTTP (deprecated)
Usage import {githubEmojiUrl} from "https://esm.town/v/karfau/githubEmoji"; console.log(githubEmojiUrl('+1')) //"https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png?v8" or in a browser <img src="https://karfau-githubEmoji.web.val.run/+1"></img> Looks like in the preview. curl https://karfau-githubEmoji.web.val.run/+1 (prints "https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png?v8" ) If the name you pass (as argument or in the request path) is not in the list, it returns The list of names can be accessed using githubEmojiNames or by calling https://karfau-githubemoji.web.val.run/names
karfau avatar
aoc23_05
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
aoc15_06
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
aoc15_05
@karfau
Script
Forked from karfau/aocXX_00
karfau avatar
chai
@karfau
Script
// @deno-types="https://unpkg.com/@types/chai/index.d.ts"
karfau avatar
aocXX_00
@karfau
Script
Forked from karfau/aoc15_03
karfau avatar
test_getRaw
@karfau
Script
An interactive, runnable TypeScript val by karfau
karfau avatar
getRaw
@karfau
Script
A helper to get the raw data of a val, using the very nice implementation from @pomdtr.raw . Usage: https://www.val.town/v/karfau.test_getRaw Also look at @karfau.rawUrl to just get the raw url of another val inside a val.
karfau avatar
rawUrl
@karfau
Script
A helper for creating the URL to request the raw data of a val, defaulting to use the very nice implementation from @pomdtr.raw . Also look at @karfau.getRaw to get the data of a val inside a val.
karfau avatar
bug_console
@karfau
Script
An interactive, runnable TypeScript val by karfau
karfau avatar
test_SignatureCheck
@karfau
Script
An interactive, runnable TypeScript val by karfau
karfau avatar
SignatureCheck
@karfau
Script
This val has been created to avoid certain shortcomings of @vtdocs.verifyGithubWebhookSignature . So it was created as a mix/evolution of two sources: The github docs about securing webhook Some code from the @octokit/webhhokmethods package This code is covered by tests which you can copy to run them, see @karfau.test_SignatureCheck This val does not contain any val.town specific code ( @ -imports, console.email ...), so it should be possible to run in Deno as is, potentially even in modern browsers (that support crypto and TextEncoder and modern ES syntax). Usage const myGithubWebhook = (req: Request) => { const {verify} = @karfau.SignatureCheck(); // you have to call it to get the verify function! const body = await req.text(); const signature = req.headers.get("X-Hub-Signature-256"); const verified = await verify( {payload:body, signature}, @me.secrets.myGithubWebhookSecret, // optionally provide fallback secrets (as many as needed) // @me.secrets.myGithubWebhookSecretFallback ); if (!verified) { return new Response(`Not verified`, 401); } const payload = JSON.parse(body); // actually do things in your webhook }; By default the reason for failing verification is logged to console.error , but you can pass it a different handler: const {verify} = @karfau.SignatureCheck((reason) => { throw new Error(reason); }); (be aware that it will silently fail if you don't try catch it in an endpoint and the return code will be 502) Why @vtdocs.verifyGithubWebhookSignature has the following issues: it relies on the verify method of the outdated @octokit/webhooks-methods@3.0.2 which has (at least) two bugs that can make a difference when used in a webhook it can throws errors instead of just returning false , which can be triggered by sending an invalid signature it can be lured into checking a SHA1 signature if the signature header starts with sha1= you need to pass the secret and payload as argument to the val, which makes them appear in the evaluation logs you produce ( they are only visible for the author of the val if you run them as an API , but it still feels odd to see the secret in the evaluation logs.) parameters are all of type string and the order can be confused you can not use fallback secrets for rotating
karfau avatar
refToValUrl
@karfau
Script
Forked from neverstew/thisValUrl