added Gitea support, improved security of const_compare

2024-11-18 03:04:23 +00:00 · 2018-05-11 13:38:54 -07:00 · 2018-05-11 13:38:54 -07:00 · 8ed4675c87
commit 8ed4675c87
parent 6158011da9
1 changed files with 3 additions and 1 deletions
--- a/githook.moon
+++ b/githook.moon
@ -13,7 +13,7 @@ import insert, concat from table
 const_compare = (string1, string2) ->
  local fail, dummy

-  for i = 1, math.max #string1, #string2
+  for i = 1, math.max #string1, #string2, 100
    if string1\sub(i,i) ~= string2\sub(i,i)
      fail = true
    else
@ -126,6 +126,8 @@ class extends lapis.Application
            authorized = const_compare "sha1=#{hex_dump hmac_sha1 config.githook_secret, body}", github_hash
          elseif gogs_hash = @req.headers["X-Gogs-Signature"]
            authorized = const_compare gogs_hash, hex_dump hmac_sha256 config.githook_secret, body
+          elseif @params.secret
+            authorized = const_compare @params.secret, config.githook_secret
          unless authorized
            return unauthorized!
          if @params.ref == "refs/heads/#{@branch}"