breaking: signature option no longer handled in .receive() method

BREAKING CHANGE:

Before, this would throw an error

```js
webhooks.receive({id, name, data, signature: invalid})
```

Now, the `signature` option is ignored as it’s assumed that the request has been already validated. This makes testing much easier, see probot/probot#335 (comment). If you use the EventHandler directly in a framework like hapi, make sure to verify the request before using the receive method using `eventHandler.verify(data, signature)`

Author: gr2m

event-handler/receive.js

@@ -2,7 +2,6 @@
 
 module.exports = receiverHandle
 
-const verify = require('../verify')
 const wrapErrorHandler = require('./wrap-error-handler')
 
 // main handler function
@@ -23,23 +22,6 @@ function receiverHandle (state, options) {
     throw new Error('Event data not passed')
   }
 
-  if (!options.signature) {
-    throw new Error('Event signature not passed')
-  }
-
-  const matchesSignature = verify(
-    state.secret,
-    options.data,
-    options.signature
-  )
-
-  if (!matchesSignature) {
-    const error = new Error('Signature does not match')
-    error.status = 400
-
-    return Promise.reject(error)
-  }
-
   let hooks = [].concat(
     state.hooks[`${options.name}.${options.data.action}`],
     state.hooks[options.name],

index.js

@@ -3,9 +3,6 @@ module.exports = createWebhooksApi
 const createEventHandler = require('./event-handler')
 const middleware = require('./middleware/middleware')
 
-const sign = require('./sign')
-const verify = require('./verify')
-
 function createWebhooksApi (options) {
   if (!options) {
     options = {}
@@ -19,8 +16,8 @@ function createWebhooksApi (options) {
   const webhooksMiddleware = middleware.bind(null, state)
 
   return {
-    sign: sign.bind(null, options.secret),
-    verify: verify.bind(null, options.secret),
+    sign: state.eventHandler.sign,
+    verify: state.eventHandler.verify,
     on: state.eventHandler.on,
     removeListener: state.eventHandler.removeListener,
     receive: state.eventHandler.receive,

middleware/middleware.js

@@ -49,6 +49,17 @@ function middleware (state, request, response, next) {
   request.on('end', () => {
     const payload = Buffer.concat(dataChunks).toString()
 
+    const matchesSignature = state.eventHandler.verify(
+      payload,
+      signature
+    )
+
+    if (!matchesSignature) {
+      response.statusCode = 400
+      response.end('x-hub-signature does not match event payload and secret')
+      return
+    }
+
     state.eventHandler.receive({
       id: id,
       name: eventName,