Browse Source

buffer test

master
Cailean Finn 6 months ago
parent
commit
a7ccc5a233
  1. 8
      server.js

8
server.js

@ -68,10 +68,16 @@ app.post('/api', (req, res) => {
if (!signature || !payload) { if (!signature || !payload) {
return res.status(400).send('Invalid payload or missing signature'); return res.status(400).send('Invalid payload or missing signature');
} }
// Verify the secret // Verify the secret
const hmac = crypto.createHmac('sha256', GITEA_SECRET); const hmac = crypto.createHmac('sha256', GITEA_SECRET);
const digest = `sha256=${hmac.update(payload).digest('hex')}`; const digest = `sha256=${hmac.update(payload).digest('hex')}`;
// Buffer lengths
const bufferSignature = Buffer.from(signature);
const bufferDigest = Buffer.from(digest);
console.log(bufferDigest, bufferSignature)
if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) { if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) {
// Secret is valid, update the repository // Secret is valid, update the repository

Loading…
Cancel
Save