Nginx read secret and webhook headers

A webhook from GitHub is passing through an Nginx proxy.

The webhook uses a secret and the header is sent as X-Hub-Signature-256.

I want to make Nginx filter requests, i.e. I need Nginx to take the webhook header value and compare it to $SECRET_TOKEN. If the secret is right, it will send 200, and if not, 403.

I thought of something like this, but couldn't find a way to implement it:

server {
  listen 80;
  server_name _;

  location /payload {
      
      #Read the header sent by the webhook
      #If the header content matches $SECRET_TOKEN I defined on Nginx then return 200
      #Else, return 403 
  }
}

Please help with implementing this pseudocode, as I couldn't find any example online.

Thanks in advance.


Solution 1:

At the http level, create a map:

map $http_x_hub_signature_256 $retcode {
    <token> 200;
    default 403;
}

And your location would be:

location /payload {
    return $retcode;
}
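
Added example (not part of the answer above): GitHub sets X-Hub-Signature-256 to "sha256=" followed by the hex HMAC-SHA256 of the raw request body, keyed with the webhook secret, so the header value changes with every payload. The Python sketch below shows the check that whatever receives the proxied request has to perform, and why a fixed-string comparison rejects genuine deliveries. The function names, secret and payloads are constructed for illustration.

```python
import hashlib
import hmac

PREFIX = "sha256="  # the header value is "sha256=" + hex digest


def sign(secret: bytes, body: bytes) -> str:
    """Header value the sender computes: HMAC-SHA256 of the raw body, keyed with the secret."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, header) -> int:
    """Return 200 when the header matches this exact body, otherwise 403."""
    if not isinstance(header, str) or not header.startswith(PREFIX):
        return 403  # header missing or in an unexpected format
    expected = sign(secret, body).encode()
    received = header.encode("utf-8", "replace")
    # compare_digest avoids leaking the position of the first mismatch via timing
    return 200 if hmac.compare_digest(expected, received) else 403


def static_compare(header, token: str) -> int:
    """Model of a fixed-string comparison such as an nginx map entry."""
    return 200 if header == token else 403


def demo():
    secret = b"constructed-example-secret"               # constructed value
    push = b'{"action":"push","ref":"refs/heads/main"}'  # constructed bodies
    ping = b'{"zen":"Keep it logically awesome."}'
    h_push, h_ping = sign(secret, push), sign(secret, ping)
    return {
        "headers_differ": h_push != h_ping,
        "static_vs_secret": static_compare(h_push, secret.decode()),
        "static_pinned_push_on_ping": static_compare(h_ping, h_push),
        "verify_push": verify(secret, push, h_push),
        "verify_ping": verify(secret, ping, h_ping),
        "verify_modified_body": verify(secret, push + b" ", h_push),
        "verify_missing_header": verify(secret, push, None),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The verification needs the unmodified request body bytes, so it has to run where the body is available, either in the application behind the proxy or in a scripting module inside Nginx.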