cursorius/webhooks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[fix] Gogs signature calc

Browse Source
This commit is contained in:
奶爸
2018-03-19 16:16:01 +08:00
parent fc20b2a250
commit 493e94de50
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gogs/gogs.go
+4 -5
View File
@@ -14,8 +14,7 @@ import (
"github.com/naiba/webhooks" "github.com/naiba/webhooks"
client "github.com/gogits/go-gogs-client" client "github.com/gogits/go-gogs-client"
"crypto/hmac" "crypto/hmac"
"crypto/sha1" "crypto/sha256"
"encoding/hex"
) )
// Webhook instance contains all methods needed to process events // Webhook instance contains all methods needed to process events
@@ -107,12 +106,12 @@ func (hook Webhook) ParsePayload(w http.ResponseWriter, r *http.Request) {
} }
webhooks.DefaultLog.Debug(fmt.Sprintf("X-Gogs-Signature:%s", signature)) webhooks.DefaultLog.Debug(fmt.Sprintf("X-Gogs-Signature:%s", signature))
mac := hmac.New(sha1.New, []byte(hook.secret)) mac := hmac.New(sha256.New, []byte(hook.secret))
mac.Write(payload) mac.Write(payload)
expectedMAC := hex.EncodeToString(mac.Sum(nil)) expectedMAC := mac.Sum(nil)
if !hmac.Equal([]byte(signature[5:]), []byte(expectedMAC)) { if !hmac.Equal([]byte(signature), expectedMAC) {
webhooks.DefaultLog.Error("HMAC verification failed") webhooks.DefaultLog.Error("HMAC verification failed")
http.Error(w, "403 Forbidden - HMAC verification failed", http.StatusForbidden) http.Error(w, "403 Forbidden - HMAC verification failed", http.StatusForbidden)
return return