Add webhook signature validation for Gitea
Signed-off-by: Steven Kriegler <sk.bunsenbrenner@gmail.com>
This commit is contained in:
parent
e5eaa0a593
commit
45c1537f2e
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
giteaSdk "gitea-sonarqube-pr-bot/internal/clients/gitea"
|
giteaSdk "gitea-sonarqube-pr-bot/internal/clients/gitea"
|
||||||
sqSdk "gitea-sonarqube-pr-bot/internal/clients/sonarqube"
|
sqSdk "gitea-sonarqube-pr-bot/internal/clients/sonarqube"
|
||||||
|
"gitea-sonarqube-pr-bot/internal/settings"
|
||||||
webhook "gitea-sonarqube-pr-bot/internal/webhooks/gitea"
|
webhook "gitea-sonarqube-pr-bot/internal/webhooks/gitea"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -42,6 +43,14 @@ func (h *GiteaWebhookHandler) HandleSynchronize(rw http.ResponseWriter, r *http.
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ok, err := isValidWebhook(raw, settings.Gitea.Webhook.Secret, r.Header.Get("X-Gitea-Signature"), "Gitea")
|
||||||
|
if !ok {
|
||||||
|
log.Print(err.Error())
|
||||||
|
rw.WriteHeader(http.StatusPreconditionFailed)
|
||||||
|
io.WriteString(rw, fmt.Sprint(`{"message": "Webhook validation failed. Request rejected."}`))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
w, ok := webhook.NewPullWebhook(raw)
|
w, ok := webhook.NewPullWebhook(raw)
|
||||||
if !ok {
|
if !ok {
|
||||||
rw.WriteHeader(http.StatusUnprocessableEntity)
|
rw.WriteHeader(http.StatusUnprocessableEntity)
|
||||||
|
@ -69,6 +78,14 @@ func (h *GiteaWebhookHandler) HandleComment(rw http.ResponseWriter, r *http.Requ
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ok, err := isValidWebhook(raw, settings.Gitea.Webhook.Secret, r.Header.Get("X-Gitea-Signature"), "Gitea")
|
||||||
|
if !ok {
|
||||||
|
log.Print(err.Error())
|
||||||
|
rw.WriteHeader(http.StatusPreconditionFailed)
|
||||||
|
io.WriteString(rw, fmt.Sprint(`{"message": "Webhook validation failed. Request rejected."}`))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
w, ok := webhook.NewCommentWebhook(raw)
|
w, ok := webhook.NewCommentWebhook(raw)
|
||||||
if !ok {
|
if !ok {
|
||||||
rw.WriteHeader(http.StatusUnprocessableEntity)
|
rw.WriteHeader(http.StatusUnprocessableEntity)
|
||||||
|
|
Loading…
Reference in a new issue