diff --git a/.gitignore b/.gitignore
index bc7e829..99bc655 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /node_modules/
-/package-lock.json
\ No newline at end of file
+/package-lock.json
+/.env
\ No newline at end of file
diff --git a/package.json b/package.json
index 9055ac9..246fe08 100644
--- a/package.json
+++ b/package.json
@@ -7,10 +7,11 @@
     "start": "node server.js"
   },
   "dependencies": {
+    "body-parser": "^1.20.2",
+    "dotenv": "^16.4.5",
     "express": "^4.17.1",
     "three": "^0.164.1"
   },
-  "devDependencies": {},
   "keywords": [],
   "author": "",
   "license": "ISC"
diff --git a/server.js b/server.js
index 7dc3a33..62a957f 100644
--- a/server.js
+++ b/server.js
@@ -1,12 +1,20 @@
 const express = require('express');
 const path = require('path');
+const bodyParser = require('body-parser')
+const crypto = require('crypto')
+const { exec } = require('child_process')
+require('dotenv').config();
 
 const app = express();
 const PORT = process.env.PORT || 3000;
+const GITEA_SECRET = process.env.GITEA_SECRET;
 
 // Serve static files from the 'public' directory
 app.use(express.static(path.join(__dirname, 'public')));
 
+// Middleware to parse JSON payloads
+app.use(bodyParser.json())
+
 // Custom middleware to handle URLs without .html for specific routes
 app.use((req, res, next) => {
   // Extract the path without any query parameters
@@ -49,6 +57,35 @@ app.get('/articles/:articleName', (req, res) => {
   res.sendFile(path.join(__dirname, 'public/articles', `${articleName}.html`));
 });
 
+// Webhook handler
+app.post('/api', (req, res) => {
+	const signature = req.headers['x-gitea-signature'];
+	const payload = JSON.stringify(req.body);
+  
+	if (!signature || !payload) {
+	  return res.status(400).send('Invalid payload or missing signature');
+	}
+  
+	// Verify the secret
+	const hmac = crypto.createHmac('sha256', GITEA_SECRET);
+	const digest = `sha256=${hmac.update(payload).digest('hex')}`;
+  
+	if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) {
+	  // Secret is valid, update the repository
+	  exec('/home/gnome.sh', (err, stdout, stderr) => {
+		if (err) {
+		  console.error(`Error updating repository: ${stderr}`);
+		  return res.status(500).send('Server error');
+		}
+  
+		console.log(`Repository updated: ${stdout}`);
+		res.status(200).send('Repository updated successfully');
+	  });
+	} else {
+	  res.status(401).send('Invalid secret');
+	}
+});
+
 // Error handling
 app.use((err, req, res, next) => {
   console.error(err.stack);