Add webhook signature validation for Gitea
Signed-off-by: Steven Kriegler <sk.bunsenbrenner@gmail.com>
This commit is contained in:
parent
e5eaa0a593
commit
45c1537f2e
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
giteaSdk "gitea-sonarqube-pr-bot/internal/clients/gitea"
|
||||
sqSdk "gitea-sonarqube-pr-bot/internal/clients/sonarqube"
|
||||
"gitea-sonarqube-pr-bot/internal/settings"
|
||||
webhook "gitea-sonarqube-pr-bot/internal/webhooks/gitea"
|
||||
)
|
||||
|
||||
|
@ -42,6 +43,14 @@ func (h *GiteaWebhookHandler) HandleSynchronize(rw http.ResponseWriter, r *http.
|
|||
return
|
||||
}
|
||||
|
||||
ok, err := isValidWebhook(raw, settings.Gitea.Webhook.Secret, r.Header.Get("X-Gitea-Signature"), "Gitea")
|
||||
if !ok {
|
||||
log.Print(err.Error())
|
||||
rw.WriteHeader(http.StatusPreconditionFailed)
|
||||
io.WriteString(rw, fmt.Sprint(`{"message": "Webhook validation failed. Request rejected."}`))
|
||||
return
|
||||
}
|
||||
|
||||
w, ok := webhook.NewPullWebhook(raw)
|
||||
if !ok {
|
||||
rw.WriteHeader(http.StatusUnprocessableEntity)
|
||||
|
@ -69,6 +78,14 @@ func (h *GiteaWebhookHandler) HandleComment(rw http.ResponseWriter, r *http.Requ
|
|||
return
|
||||
}
|
||||
|
||||
ok, err := isValidWebhook(raw, settings.Gitea.Webhook.Secret, r.Header.Get("X-Gitea-Signature"), "Gitea")
|
||||
if !ok {
|
||||
log.Print(err.Error())
|
||||
rw.WriteHeader(http.StatusPreconditionFailed)
|
||||
io.WriteString(rw, fmt.Sprint(`{"message": "Webhook validation failed. Request rejected."}`))
|
||||
return
|
||||
}
|
||||
|
||||
w, ok := webhook.NewCommentWebhook(raw)
|
||||
if !ok {
|
||||
rw.WriteHeader(http.StatusUnprocessableEntity)
|
||||
|
|
Loading…
Reference in a new issue