check token

src/gitea.cr

@@ -10,5 +10,6 @@ class Gitea::Payload
 	include JSON::Serializable
 
 	property repository : Repository
+	property secret : String
 end
 	

src/payload.cr

@@ -1,4 +1,7 @@
 require "json"
+require "openssl/hmac"
+require "openssl/sha1"
+
 require "./gitea.cr"
 require "./github.cr"
 require "./gitlab.cr"
@@ -9,6 +12,7 @@ class Payload
 	property kind    : String
 	property project : String
 	property content : String
+	property secret  : String = ""
 
 	def initialize(req : HTTP::Request)
 		@content = req.body.not_nil!.gets_to_end.to_s
@@ -18,23 +22,40 @@ class Payload
 			@kind = "gitea"
 			content = Gitea::Payload.from_json @content
 			@project = content.repository.full_name
+			@secret = content.secret
 
 		elsif agent.starts_with?("GitHub-Hookshot/") && req.headers.has_key?("X-Github-Event")
 			@kind = "github"
 			content = Github::Payload.from_json @content
 			@project = content.repository.full_name
+			hash = req.headers.fetch("X-Hub-Signature", "None")
+      if hash != "None"
+        @secret = hash.to_s
+      end
 
 		elsif req.headers.has_key?("X-Gitlab-Event")
 			@kind = "gitlab"
 			content = Gitlab::Payload.from_json @content
 			@project = content.project.path_with_namespace
+			token = req.headers.fetch("X-Gitlab-Token", "None")
+      if token != "None"
+        @secret = token.to_s
+      end
 
 		else
 			@kind = "undefined"
 			@project = "undefined"
-	
+		end
-		end
+	end
-
+
-
+	def check?(token)
+		pp token
+		pp @secret
+		if @kind == "github"
+    	data = JSON.parse(@content).to_json
+    	given_secret = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, @secret, data)
+  	end
+
+		token == @secret
 	end
 end

src/webhooksd.cr

@@ -65,6 +65,7 @@ server = HTTP::Server.new do |context|
 
 		path_project = storage + "/" + payload.project
 		path_scriptfile = path_project + "/" + scriptname
+		path_token = path_project + "/token"
 		path_jsonfile = path_project + "/" + jsonfile
 
 		scriptfile = scriptname
@@ -73,7 +74,9 @@ server = HTTP::Server.new do |context|
 
 		if File.exists?(path_project) == false
 			STDERR.puts "ERROR: Project #{payload.project} not found"
-			status = false
+		else
+			if !payload.check?(File.read_lines(path_token)[0])
+				STDERR.puts "ERROR: Secret token not valid"
 			else
 				if File.exists?(path_scriptfile) == false
 					scriptfile = path_project + "/../../../" + scriptfile_default
@@ -83,6 +86,7 @@ server = HTTP::Server.new do |context|
 				status = Process.run command: "zsh", args: [scriptfile], shell: true,
 					error: STDERR, output: STDOUT, chdir: path_project
 			end
+		end
 
 		context.response.content_type = "text/plain"
 		if status