From 26ea78301aca8e53e6626872e5b03a44df72ec46 Mon Sep 17 00:00:00 2001 From: Cailean Finn Date: Tue, 18 Jun 2024 21:37:26 +0100 Subject: [PATCH] change --- server.js | 74 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/server.js b/server.js index 6cea193..fbd173d 100644 --- a/server.js +++ b/server.js @@ -12,8 +12,12 @@ const GITEA_SECRET = "123"; // Serve static files from the 'public' directory app.use(express.static(path.join(__dirname, 'public'))); -// Middleware to parse JSON payloads -app.use(bodyParser.json()); +// Middleware to capture raw body +app.use(bodyParser.json({ + verify: (req, res, buf, encoding) => { + req.rawBody = buf.toString(encoding || 'utf8'); + } +})); // Custom middleware to handle URLs without .html for specific routes app.use((req, res, next) => { 
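Review bot: In the added `verify` callback, `req.rawBody = buf.toString(encoding || 'utf8')` decodes the body to a string before it is hashed, so the HMAC in the webhook handler is computed over a re-encoded copy rather than the exact bytes that were signed. Keeping the Buffer, `req.rawBody = buf;`, avoids any charset round-trip, and `hmac.update()` accepts a Buffer directly. The callback runs for every JSON request on every route, so a short comment such as `// raw bytes kept for webhook HMAC verification in POST /api` would explain why the copy exists.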
@@ -53,38 +57,40 @@ app.get('/articles/:articleName', (req, res) => { // Webhook handler app.post('/api', (req, res) => { - const signature = req.headers['x-gitea-signature']; - const payload = JSON.stringify(req.body); - - if (!signature || !payload) { - return res.status(400).send('Invalid payload or missing signature'); - } - - // Verify the secret - const hmac = crypto.createHmac('sha256', GITEA_SECRET); - const digest = hmac.update(payload).digest('hex'); - - console.log('Signature from Gitea:', signature); - console.log('Computed digest:', digest); - - const bufferSignature = Buffer.from(signature, 'hex'); - const bufferDigest = Buffer.from(digest, 'hex'); - - if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) { - // Secret is valid, update the repository - res.status(200).send('Repository updated successfully'); - // Optionally, execute a shell command to pull the latest changes - exec('git pull', (error, stdout, stderr) => { - if (error) { - console.error(`exec error: ${error}`); - return; - } - console.log(`stdout: ${stdout}`); - console.error(`stderr: ${stderr}`); - }); - } else { - res.status(401).send('Invalid secret'); - } + const signature = req.headers['x-gitea-signature']; + const payload = req.rawBody; + + if (!signature || !payload) { + return res.status(400).send('Invalid payload or missing signature'); + } + + // Verify the secret + const hmac = crypto.createHmac('sha256', GITEA_SECRET); + const digest = hmac.update(payload).digest('hex'); + + console.log('Signature from Gitea:', signature); + console.log('Computed digest:', digest); + console.log('Payload:', payload); + console.log('Secret:', GITEA_SECRET); + + const bufferSignature = Buffer.from(signature, 'hex'); + const bufferDigest = Buffer.from(digest, 'hex'); + + if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) { + // Secret is valid, update the repository + 
res.status(200).send('Repository updated successfully'); + // Optionally, execute a shell command to pull the latest changes + exec('git pull', (error, stdout, stderr) => { + if (error) { + console.error(`exec error: ${error}`); + return; + } + console.log(`stdout: ${stdout}`); + console.error(`stderr: ${stderr}`); + }); + } else { + res.status(401).send('Invalid secret'); + } }); // Error handling
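Review bot: The added debug lines `console.log('Payload:', payload);` and `console.log('Secret:', GITEA_SECRET);` write the webhook signing secret and the full request body to the server log, so anyone who can read the log can produce a signature that passes this check and triggers the `git pull`. Remove both lines, and preferably the existing `console.log('Computed digest:', digest);` as well, since that value is the valid signature for the logged payload. Logging only the outcome is enough, e.g. `console.warn('webhook signature mismatch');` in the `else` branch. The first hunk's header also shows the secret hard-coded as `"123"`; reading it from the environment, e.g. `process.env.GITEA_SECRET`, would keep it out of the repository.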