Use cryptohash-sha1

Author: phadej

CHANGELOG.md

@@ -1,3 +1,9 @@
+## Changes for next
+
+- Allow http-client-0.6
+
+- Change to use `cryptohash-sha1` (before `cryptohash`)
+
 ## Changes for 0.20
 
 - Add ratelimit endpoint

github.cabal

@@ -149,8 +149,7 @@ Library
     base-compat           >=0.10.4    && <0.11,
     base16-bytestring     >=0.1.1.6   && <0.2,
     binary-orphans        >=0.1.8.0   && <0.2,
-    byteable              >=0.1.1     && <0.2,
-    cryptohash            >=0.11.9    && <0.12,
+    cryptohash-sha1       >=0.11.100.1 && <0.12,
     deepseq-generics      >=0.2.0.0   && <0.3,
     exceptions            >=0.10.0    && <0.11,
     hashable              >=1.2.7.0   && <1.3,

src/GitHub/Data/Webhooks/Validate.hs

@@ -12,9 +12,8 @@ module GitHub.Data.Webhooks.Validate (
 import GitHub.Internal.Prelude
 import Prelude ()
 
-import Crypto.Hash     (HMAC, SHA1, hmac, hmacGetDigest)
-import Data.Byteable   (constEqBytes, toBytes)
-import Data.ByteString (ByteString)
+import Crypto.Hash.SHA1 (hmac)
+import Data.ByteString  (ByteString)
 
 import qualified Data.ByteString.Base16 as Hex
 import qualified Data.Text.Encoding     as TE
@@ -30,10 +29,9 @@ isValidPayload
                     -- including the 'sha1=...' prefix
   -> ByteString     -- ^ the body
   -> Bool
-isValidPayload secret shaOpt payload = maybe False (constEqBytes sign) shaOptBS
+isValidPayload secret shaOpt payload = maybe False (sign ==) shaOptBS
   where
     shaOptBS = TE.encodeUtf8 <$> shaOpt
-    hexDigest = Hex.encode . toBytes . hmacGetDigest
-
-    hm = hmac (TE.encodeUtf8 secret) payload :: HMAC SHA1
+    hexDigest = Hex.encode
+    hm = hmac (TE.encodeUtf8 secret) payload
     sign = "sha1=" <> hexDigest hm