check token

2020-12-23 10:21:41 +01:00 · 2020-12-23 10:21:41 +01:00 · 7332471fc5
parent f8ccfbad22
commit 7332471fc5
3 changed files with 35 additions and 9 deletions
--- a/src/gitea.cr
+++ b/src/gitea.cr
@ -10,5 +10,6 @@ class Gitea::Payload
 	include JSON::Serializable

 	property repository : Repository
+	property secret : String
 end
 	
--- a/src/payload.cr
+++ b/src/payload.cr
@ -1,4 +1,7 @@
 require "json"
+require "openssl/hmac"
+require "openssl/sha1"
+
 require "./gitea.cr"
 require "./github.cr"
 require "./gitlab.cr"
@ -6,9 +9,10 @@ require "./gitlab.cr"
 class Payload
 	include JSON::Serializable

-	property kind : String
+	property kind    : String
 	property project : String
 	property content : String
+	property secret  : String = ""

 	def initialize(req : HTTP::Request)
 		@content = req.body.not_nil!.gets_to_end.to_s
@ -18,23 +22,40 @@ class Payload
 			@kind = "gitea"
 			content = Gitea::Payload.from_json @content
 			@project = content.repository.full_name
+			@secret = content.secret

 		elsif agent.starts_with?("GitHub-Hookshot/") && req.headers.has_key?("X-Github-Event")
 			@kind = "github"
 			content = Github::Payload.from_json @content
 			@project = content.repository.full_name
+			hash = req.headers.fetch("X-Hub-Signature", "None")
+      if hash != "None"
+        @secret = hash.to_s
+      end

 		elsif req.headers.has_key?("X-Gitlab-Event")
 			@kind = "gitlab"
 			content = Gitlab::Payload.from_json @content
 			@project = content.project.path_with_namespace
+			token = req.headers.fetch("X-Gitlab-Token", "None")
+      if token != "None"
+        @secret = token.to_s
+      end

 		else
 			@kind = "undefined"
 			@project = "undefined"
-	
 		end
+	end

+	def check?(token)
+		pp token
+		pp @secret
+		if @kind == "github"
+    	data = JSON.parse(@content).to_json
+    	given_secret = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, @secret, data)
+  	end

+		token == @secret
 	end
 end
--- a/src/webhooksd.cr
+++ b/src/webhooksd.cr
@ -65,6 +65,7 @@ server = HTTP::Server.new do |context|

 		path_project = storage + "/" + payload.project
 		path_scriptfile = path_project + "/" + scriptname
+		path_token = path_project + "/token"
 		path_jsonfile = path_project + "/" + jsonfile

 		scriptfile = scriptname
@ -73,15 +74,18 @@ server = HTTP::Server.new do |context|

 		if File.exists?(path_project) == false
 			STDERR.puts "ERROR: Project #{payload.project} not found"
-			status = false
 		else
-			if File.exists?(path_scriptfile) == false
-				scriptfile = path_project + "/../../../" + scriptfile_default
-			end
+			if !payload.check?(File.read_lines(path_token)[0])
+				STDERR.puts "ERROR: Secret token not valid"
+			else
+				if File.exists?(path_scriptfile) == false
+					scriptfile = path_project + "/../../../" + scriptfile_default
+				end

-			File.write(path_jsonfile, payload.content)
-			status = Process.run command: "zsh", args: [scriptfile], shell: true,
-				error: STDERR, output: STDOUT, chdir: path_project
+				File.write(path_jsonfile, payload.content)
+				status = Process.run command: "zsh", args: [scriptfile], shell: true,
+					error: STDERR, output: STDOUT, chdir: path_project
+			end
 		end

 		context.response.content_type = "text/plain"