|
@ -68,10 +68,16 @@ app.post('/api', (req, res) => { |
|
|
if (!signature || !payload) { |
|
|
if (!signature || !payload) { |
|
|
return res.status(400).send('Invalid payload or missing signature'); |
|
|
return res.status(400).send('Invalid payload or missing signature'); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// Verify the secret
|
|
|
// Verify the secret
|
|
|
const hmac = crypto.createHmac('sha256', GITEA_SECRET); |
|
|
const hmac = crypto.createHmac('sha256', GITEA_SECRET); |
|
|
const digest = `sha256=${hmac.update(payload).digest('hex')}`; |
|
|
const digest = `sha256=${hmac.update(payload).digest('hex')}`; |
|
|
|
|
|
|
|
|
|
|
|
// Buffer lengths
|
|
|
|
|
|
const bufferSignature = Buffer.from(signature); |
|
|
|
|
|
const bufferDigest = Buffer.from(digest); |
|
|
|
|
|
|
|
|
|
|
|
console.log(bufferDigest, bufferSignature) |
|
|
|
|
|
|
|
|
if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) { |
|
|
if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) { |
|
|
// Secret is valid, update the repository
|
|
|
// Secret is valid, update the repository
|
|
|