Cailean Finn 6 months ago
parent
commit
1cc226b40a
  1. 25
      server.js

25
server.js

@ -17,19 +17,13 @@ app.use(bodyParser.json());
// Custom middleware to handle URLs without .html for specific routes
app.use((req, res, next) => {
// Extract the path without any query parameters
const urlPath = req.path.split('?')[0];
// Define routes that should render HTML files without .html extension
const htmlRoutes = ['/about', '/list', '/gallery'];
// Check if the requested path is in the htmlRoutes array
if (htmlRoutes.includes(urlPath)) {
// Append .html to the path and continue
req.url += '.html';
}
// Continue to the next middleware
next();
});
@ -68,17 +62,26 @@ app.post('/api', (req, res) => {
// Verify the secret
const hmac = crypto.createHmac('sha256', GITEA_SECRET);
const digest = `${hmac.update(payload).digest('hex')}`;
const digest = hmac.update(payload).digest('hex');
// Ensure both buffers have the same length before comparing
const bufferSignature = Buffer.from(signature);
const bufferDigest = Buffer.from(digest);
console.log('Signature from Gitea:', signature);
console.log('Computed digest:', digest);
console.log(bufferDigest.length, bufferSignature.length, signature, digest)
const bufferSignature = Buffer.from(signature, 'hex');
const bufferDigest = Buffer.from(digest, 'hex');
if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) {
// Secret is valid, update the repository
res.status(200).send('Repository updated successfully');
// Optionally, execute a shell command to pull the latest changes
exec('git pull', (error, stdout, stderr) => {
if (error) {
console.error(`exec error: ${error}`);
return;
}
console.log(`stdout: ${stdout}`);
console.error(`stderr: ${stderr}`);
});
} else {
res.status(401).send('Invalid secret');
}

Loading…
Cancel
Save