mirror of
https://github.com/lazuscripts/githook.git
synced 2024-10-04 05:54:18 +00:00
secret can be stored in utility.settings
This commit is contained in:
parent
8ed4675c87
commit
8fae031e16
@ -118,16 +118,17 @@ class extends lapis.Application
|
|||||||
return render: locate "views.githook_get"
|
return render: locate "views.githook_get"
|
||||||
|
|
||||||
POST: json_params =>
|
POST: json_params =>
|
||||||
if config.githook_secret
|
secret = config.githook_secret or settings["githook.secret"]
|
||||||
|
if secret
|
||||||
ngx.req.read_body!
|
ngx.req.read_body!
|
||||||
if body = ngx.req.get_body_data!
|
if body = ngx.req.get_body_data!
|
||||||
local authorized
|
local authorized
|
||||||
if github_hash = @req.headers["X-Hub-Signature"]
|
if github_hash = @req.headers["X-Hub-Signature"]
|
||||||
authorized = const_compare "sha1=#{hex_dump hmac_sha1 config.githook_secret, body}", github_hash
|
authorized = const_compare "sha1=#{hex_dump hmac_sha1 secret, body}", github_hash
|
||||||
elseif gogs_hash = @req.headers["X-Gogs-Signature"]
|
elseif gogs_hash = @req.headers["X-Gogs-Signature"]
|
||||||
authorized = const_compare gogs_hash, hex_dump hmac_sha256 config.githook_secret, body
|
authorized = const_compare gogs_hash, hex_dump hmac_sha256 secret, body
|
||||||
elseif @params.secret
|
elseif @params.secret
|
||||||
authorized = const_compare @params.secret, config.githook_secret
|
authorized = const_compare @params.secret, secret
|
||||||
unless authorized
|
unless authorized
|
||||||
return unauthorized!
|
return unauthorized!
|
||||||
if @params.ref == "refs/heads/#{@branch}"
|
if @params.ref == "refs/heads/#{@branch}"
|
||||||
|
Loading…
Reference in New Issue
Block a user