1
0
Fork 0
mirror of https://codeberg.org/Mo8it/git-webhook-client synced 2024-11-21 11:06:32 +00:00

Successful trigger!

This commit is contained in:
Mo 2022-10-10 17:59:12 +02:00
parent 1c4b5c877c
commit 1220f6635e
3 changed files with 16 additions and 12 deletions

7
Cargo.lock generated
View file

@ -477,6 +477,7 @@ name = "git-webhook-client"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"cached", "cached",
"hex",
"hmac", "hmac",
"rocket", "rocket",
"serde", "serde",
@ -524,6 +525,12 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "hex"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
[[package]] [[package]]
name = "hkdf" name = "hkdf"
version = "0.12.3" version = "0.12.3"

View file

@ -8,6 +8,7 @@ license-file = "LICENSE"
[dependencies] [dependencies]
cached = "0.39.0" cached = "0.39.0"
hex = "0.4.3"
hmac = "0.12.1" hmac = "0.12.1"
rocket = "0.5.0-rc.2" rocket = "0.5.0-rc.2"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }

View file

@ -65,10 +65,9 @@ fn get_hook_commands(clone_url: &str) -> Option<Vec<String>> {
None None
} }
fn is_valid_signature(received_signature: &[u8], payload: &Vec<u8>) -> bool { fn is_valid_signature(received_signature: &Vec<u8>, payload: &Vec<u8>) -> bool {
type HmacSha256 = Hmac<Sha256>; let mut mac = Hmac::<Sha256>::new_from_slice(&get_secret()).unwrap();
let mut mac = HmacSha256::new_from_slice(&get_secret()).unwrap(); mac.update(&payload);
mac.update(payload);
let expected_signature = mac.finalize().into_bytes(); let expected_signature = mac.finalize().into_bytes();
received_signature[..] == expected_signature[..] received_signature[..] == expected_signature[..]
@ -98,7 +97,7 @@ impl<'r> FromData<'r> for Repo<'r> {
let mut received_signatures = req.headers().get("X-GITEA-SIGNATURE"); let mut received_signatures = req.headers().get("X-GITEA-SIGNATURE");
let received_signature = match received_signatures.next() { let received_signature = match received_signatures.next() {
Some(signature) => signature.as_bytes(), Some(signature) => hex::decode(signature).unwrap(),
None => return Outcome::Failure((Status::BadRequest, Self::Error::MissingSignature)), None => return Outcome::Failure((Status::BadRequest, Self::Error::MissingSignature)),
}; };
@ -106,22 +105,19 @@ impl<'r> FromData<'r> for Repo<'r> {
return Outcome::Failure((Status::BadRequest, Self::Error::MoreThatOneSignature)); return Outcome::Failure((Status::BadRequest, Self::Error::MoreThatOneSignature));
} }
if !is_valid_signature(received_signature, &payload) { if !is_valid_signature(&received_signature, &payload) {
return Outcome::Failure((Status::BadRequest, Self::Error::InvalidSignature)); return Outcome::Failure((Status::BadRequest, Self::Error::InvalidSignature));
} }
let json: Value = serde_json::from_slice(&payload).unwrap(); let json: Value = serde_json::from_slice(&payload).unwrap();
let repo = json.get("repository").unwrap(); let repo = json.get("repository").unwrap();
let repo_name = repo.get("repo_name").unwrap().as_str().unwrap().to_string(); let name = repo.get("name").unwrap().as_str().unwrap().to_string();
let clone_url = repo.get("clone_url").unwrap().as_str().unwrap().to_string(); let clone_url = repo.get("clone_url").unwrap().as_str().unwrap().to_string();
let repo_name = request::local_cache!(req, repo_name); let name = request::local_cache!(req, name);
let clone_url = request::local_cache!(req, clone_url); let clone_url = request::local_cache!(req, clone_url);
Outcome::Success(Repo { Outcome::Success(Repo { name, clone_url })
name: repo_name,
clone_url,
})
} }
} }