Browse Source

hmac

master
Cailean Finn 6 months ago
parent
commit
a414dba46b
  1. 5
      server.js

5
server.js

@ -59,7 +59,6 @@ app.get('/articles/:articleName', (req, res) => {
// Webhook handler // Webhook handler
app.post('/api', (req, res) => { app.post('/api', (req, res) => {
console.log(req)
const signature = req.headers['x-gitea-signature']; const signature = req.headers['x-gitea-signature'];
const payload = JSON.stringify(req.body); const payload = JSON.stringify(req.body);
@ -75,11 +74,11 @@ app.post('/api', (req, res) => {
const bufferSignature = Buffer.from(signature); const bufferSignature = Buffer.from(signature);
const bufferDigest = Buffer.from(digest); const bufferDigest = Buffer.from(digest);
console.log(bufferDigest.length, bufferSignature.length) console.log(bufferDigest.length, bufferSignature.length, hmac, digest)
if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) { if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) {
// Secret is valid, update the repository // Secret is valid, update the repository
res.status(200).send('Repository updated successfully'); res.status(200).send('Repository updated successfully');
} else { } else {
res.status(401).send('Invalid secret'); res.status(401).send('Invalid secret');
} }

Loading…
Cancel
Save