search

matrix-org / matrix-hookshot

A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
https://matrix-org.github.io/matrix-hookshot/
Apache License 2.0
293 stars 68 forks source link

[Error]: signature does not match event payload and secret #842

Open mike-pisman opened 1 year ago

mike-pisman commented 1 year ago

Hi, just set up hookshot, tried to send 2 events but got errors. Should webhook secret be a random value or a secrete generated by GitHub app aka "client secrets"?

ERROR 00:34:46:245 [Webhooks] Failed handle GitHubEvent: AggregateError: 
    Error: [@octokit/webhooks] signature does not match event payload and secret
        at verifyAndReceive (/usr/bin/matrix-hookshot/node_modules/@octokit/webhooks/dist-node/index.js:259:19)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
ERROR 00:37:50:204 [Webhooks] Failed handle GitHubEvent: AggregateError: 
    Error: [@octokit/webhooks] signature does not match event payload and secret
        at verifyAndReceive (/usr/bin/matrix-hookshot/node_modules/@octokit/webhooks/dist-node/index.js:259:19)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

What should be the content type of the webhook(application/json or application/x-www-form-url-encoded)?

Do I need to specify room for registration? And if I do do I keep the exclamation mark, i.e. !yVrxYIBfoOPIdTwbEX ?

Can someone share their configs for GitHub please, the registration file for synapse and the registration/configuration for hookshot. I do not understand what I should be putting in url for registration configs.

Half-Shot commented 10 months ago

Sorry, this took a long time to get back to. So this error is because the github.webhook.secret in your config does not match what GitHub has configured in the App settings. Each request from GitHub is signed to prevent forgery, so it will error if there is a mismatch.