Skip to content
This repository has been archived by the owner on Aug 10, 2021. It is now read-only.

danistefanovic/hooka

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

176 Commits

bin

bin

ย 
ย 

docs

docs

ย 
ย 

media

media

ย 
ย 

src

src

ย 
ย 

test

test

ย 
ย 

.babelrc

.babelrc

ย 
ย 

.dockerignore

.dockerignore

ย 
ย 

.editorconfig

.editorconfig

ย 
ย 

.eslintignore

.eslintignore

ย 
ย 

.eslintrc

.eslintrc

ย 
ย 

.gitignore

.gitignore

ย 
ย 

.npmignore

.npmignore

ย 
ย 

.npmrc

.npmrc

ย 
ย 

.travis.yml

.travis.yml

ย 
ย 

CHANGELOG.md

CHANGELOG.md

ย 
ย 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

ย 
ย 

CONTRIBUTING.md

CONTRIBUTING.md

ย 
ย 

Dockerfile

Dockerfile

ย 
ย 

LICENSE

LICENSE

ย 
ย 

README.md

README.md

ย 
ย 

package.json

package.json

ย 
ย 

Repository files navigation

hooka

Build Status Dependency status

Hooka is a webhook server written in Node, which allows you to easily create HTTP endpoints to trigger the execution of configured commands.

Installation

$ npm install -g hooka

Features

  • Zero coding
  • Pass request data to the command
  • Set validation rules to trigger hooks only under certain circumstances
  • TLS/SSL support

Documentation

Basic usage

  1. Create a webhooks.json file:

    Windows users: Replace $MESSAGEwith %MESSAGE%

[
    {
        "method": ["GET", "POST"],
        "path": "/hello",
        "command": "echo Hello world"
    },
    {
        "method": "POST",
        "path": "/hello-again",
        "command": "echo Hello from the other side: $MESSAGE",
        "validate": [
            {
                "source": "jsonBody",
                "find": "payload.token",
                "match": "exactly",
                "value": "MySecret"
            }
        ],
        "parseJson": [
            {
                "query": "payload.hello",
                "variable": "MESSAGE"
            }
        ]
    }
]
  1. Start Hooka in the same directory:
$ hooka

  1. Open http://localhost:3000/hello in your browser to trigger the first hook.

  2. Trigger the second hook with a POST request in a new terminal window:

$ curl \
    -H "Content-Type: application/json" \
    -X POST \
    -d '{"hello": "I love cupcakes", "token": "MySecret"}' \
    http://localhost:3000/hello-again
  1. Now if you go back to your terminal where Hooka is running, you should see something like:

With Docker

Replace /path/to/webhooks.json with the actual path to your webhooks JSON file.

$ docker run -v /path/to/webhooks.json:/src/webhooks.json -p 3000:3000 danistefanovic/hooka

Security

Since anyone could in principle send requests to your webhook server, itโ€™s important to implement some basic security steps to keep your webhooks safe. Here are some tips that can help reduce the risks:

  • Enable TLS/SSL if the transmitted data is sensitive or if you wish to protect against replay attacks
  • Use validation rules to verify that the requests originated from the expected source. For example:
    • Enable HMAC based validation with the hmac-sha1 match type
    • Send a custom token in the payload or as a HTTP header which has to match exactly
  • Obscurity as a security layer:
    • Set hook paths which are not easy to guess
    • Be creative with the HTTP method for the webhook

License

Do whatever you want with it, but don't blame me for anything that goes wrong.

MIT ยฉ Daniel Stefanovic

About

๐Ÿ˜Ž A webhook server with zero coding

Topics

github slack integration deployment webhook bitbucket trigger slack-webhook github-webhook webhook-callbacks webhook-server webhooks-json

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

201 stars

Watchers

9 watching

Forks

16 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 3

Languages