try

server.js

@@ -17,19 +17,13 @@ app.use(bodyParser.json());
 
 // Custom middleware to handle URLs without .html for specific routes
 app.use((req, res, next) => {
-  // Extract the path without any query parameters
   const urlPath = req.path.split('?')[0];
-
-  // Define routes that should render HTML files without .html extension
   const htmlRoutes = ['/about', '/list', '/gallery'];
 
-  // Check if the requested path is in the htmlRoutes array
   if (htmlRoutes.includes(urlPath)) {
-    // Append .html to the path and continue
     req.url += '.html';
   }
 
-  // Continue to the next middleware
   next();
 });
 
@@ -68,17 +62,26 @@ app.post('/api', (req, res) => {
 
   // Verify the secret
   const hmac = crypto.createHmac('sha256', GITEA_SECRET);
-  const digest = `${hmac.update(payload).digest('hex')}`;
+  const digest = hmac.update(payload).digest('hex');
 
-  // Ensure both buffers have the same length before comparing
+  console.log('Signature from Gitea:', signature);
-  const bufferSignature = Buffer.from(signature);
+  console.log('Computed digest:', digest);
-  const bufferDigest = Buffer.from(digest);
 
-  console.log(bufferDigest.length, bufferSignature.length, signature, digest)
+  const bufferSignature = Buffer.from(signature, 'hex');
+  const bufferDigest = Buffer.from(digest, 'hex');
 
   if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) {
     // Secret is valid, update the repository
     res.status(200).send('Repository updated successfully');
+    // Optionally, execute a shell command to pull the latest changes
+    exec('git pull', (error, stdout, stderr) => {
+      if (error) {
+        console.error(`exec error: ${error}`);
+        return;
+      }
+      console.log(`stdout: ${stdout}`);
+      console.error(`stderr: ${stderr}`);
+    });
   } else {
     res.status(401).send('Invalid secret');
   }