GithubHelp home page GithubHelp logo

samkenxstream / github-api-signature Goto Github PK

View Code? Open in Web Editor NEW

This project forked from gitbookio/github-api-signature

0.0 0.0 1.0 975 KB

Node.js signature generator for GitHub API using a PGP key

TypeScript 100.00%

github-api-signature's Introduction

github-api-signature

npm version CircleCI

Node.js signature generator for GitHub API using a PGP key.

Install

$ npm i github-api-signature

or

$ yarn add github-api-signature

API

generateKeyPair

This method returns a Promise containing two properties publicKey and privateKey which are both strings.

It generates a public and private PGP keys pair that can be used to sign commits with GitHub API using a GitHub user's informations and a passphrase.

The public key should be added to the user's settings. The private key is then used with the createSignature method to sign the commit with the committer informations extracted from the payload sent to the API.

Usage
import { generateKeyPair } from 'github-api-signature';

const passphrase: string = 'my secret phrase';

const user: UserInformations = {
    name: 'Dohn Joe',
    email: '[email protected]'
};

// Optional number of bits for the generated RSA keys pair.
// Defaults to the maximum value 4096.
const rsaBits = 4096;
const type: 'ecc' | 'rsa' = 'ecc';

generateKeyPair(user, passphrase, rsaBits, type)
.then((keyPair: KeyPair) => {
    // keyPair = {
    //     publicKey: '-----BEGIN PGP PUBLIC KEY BLOCK-----...',
    //     privateKey: '-----BEGIN PGP PRIVATE KEY BLOCK-----...'
    // };

    // Add publicKey to Dohn Joe's GitHub account settings.
    // Use privateKey to create commits signatures for Dohn Joe's as committer.
});
Type definitions
async function generateKeyPair(
    user: UserInformations,
    passphrase: string,
    type: 'ecc' | 'rsa' = 'ecc',
    rsaBits: number = 4096
): Promise<KeyPair>

type UserInformations = {
    name: string,
    email: string
};

type KeyPair = {
    publicKey: string,
    privateKey: string
};

createSignature

This method returns a Promise containing a string which is the PGP signature that should be used on the GitHub API to sign your commit with the committer informations.

Use this method with the same payload that you would send to the GitHub API POST /repos/:owner/:repo/git/commits endpoint.

It accepts either an already git-computed commit payload (see GitHub's example) which is the git content for a commit object, or a CommitPayload object.

When using a CommitPayload object, the author argument is mandatory, as opposed to the optional argument for the API. This is necessary since we need to generate the commit message string with the same date argument as GitHub will do to verify the signature.

The committer argument is still optional and will default to the author value if omitted.

In the following example, the commit will be signed for Dohn Joe. Hence, privateKey should be generated using Dohn Joe's informations.

Usage
import { createSignature, commitToString } from 'github-api-signature';

const privateKey: string = `-----BEGIN PGP PRIVATE KEY BLOCK-----

// Private key content //
-----END PGP PRIVATE KEY BLOCK-----`;

const passphrase: string = 'my secret phrase';

const commit: CommitPayload = {
    message: 'Commit message',
    tree: 'tree-sha',
    parents: ['parent-sha'],
    author: {
        name: 'John Doe',
        email: '[email protected]',
        date: '2018-01-01T00:00:00.000Z'
    },
    // Optional committer informations
    // Defaults to <author>
    committer: {
        name: 'Dohn Joe',
        email: '[email protected]',
        date: '2018-01-01T00:00:00.000Z'
    }
};

// Using a CommitPayload object
createSignature(commit, privateKey, passphrase)
.then((signature: string) => {
    // signature = `-----BEGIN PGP SIGNATURE-----
    //
    // // Signature content
    // -----END PGP SIGNATURE-----`;

    const apiPayload = {
        ...commit,
        signature
    };

    // Use signature with GitHub API
    // https://developer.github.com/v3/git/commits/#create-a-commit
    // POST /repos/:owner/:repo/git/commits
});

// Using a git-computed commit payload string
// commitToString returns the same format as "git cat-file -p <commit-sha>"
const commitStr = commitToString(commit);
createSignature(commitStr, privateKey, passphrase)
.then((signature: string) => {
    // ...
});
Type definitions
async function createSignature(
    commit: CommitPayload | string,
    privateKey: string,
    passphrase: string
): Promise<string> {}

type UserInformations = {
    name: string,
    email: string
};

type GitHubUser = UserInformations & {
    date: string
};

type CommitPayload = {
    message: string,
    tree: string,
    parents: string[],
    author: GitHubUser,
    committer?: GitHubUser
};

github-api-signature's People

Contributors

dependabot[bot] avatar jpreynat avatar samkenxstream avatar

Forkers

samkenx-hub-community

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.