check token
parent
f8ccfbad22
commit
7332471fc5
|
@ -10,5 +10,6 @@ class Gitea::Payload
|
|||
include JSON::Serializable
|
||||
|
||||
property repository : Repository
|
||||
property secret : String
|
||||
end
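Review bot: `property secret : String` (apparently the line this hunk adds) is non-nilable and has no default, so `Gitea::Payload.from_json` raises for any delivery whose body lacks a `secret` field. As far as I know, newer Gitea releases no longer put the secret in the payload and instead sign the body in an `X-Gitea-Signature` header, so this should be confirmed against the Gitea version in use. Declaring it as `property secret : String = ""` would at least keep parsing from failing, with the empty value rejected at check time. The class body starts outside the hunk.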
|
||||
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
require "json"
|
||||
require "openssl/hmac"
|
||||
require "openssl/sha1"
|
||||
|
||||
require "./gitea.cr"
|
||||
require "./github.cr"
|
||||
require "./gitlab.cr"
|
||||
|
@ -9,6 +12,7 @@ class Payload
|
|||
property kind : String
|
||||
property project : String
|
||||
property content : String
|
||||
property secret : String = ""
|
||||
|
||||
def initialize(req : HTTP::Request)
|
||||
@content = req.body.not_nil!.gets_to_end.to_s
|
||||
|
@ -18,23 +22,40 @@ class Payload
|
|||
@kind = "gitea"
|
||||
content = Gitea::Payload.from_json @content
|
||||
@project = content.repository.full_name
|
||||
@secret = content.secret
|
||||
|
||||
elsif agent.starts_with?("GitHub-Hookshot/") && req.headers.has_key?("X-Github-Event")
|
||||
@kind = "github"
|
||||
content = Github::Payload.from_json @content
|
||||
@project = content.repository.full_name
|
||||
hash = req.headers.fetch("X-Hub-Signature", "None")
|
||||
if hash != "None"
|
||||
@secret = hash.to_s
|
||||
end
|
||||
|
||||
elsif req.headers.has_key?("X-Gitlab-Event")
|
||||
@kind = "gitlab"
|
||||
content = Gitlab::Payload.from_json @content
|
||||
@project = content.project.path_with_namespace
|
||||
token = req.headers.fetch("X-Gitlab-Token", "None")
|
||||
if token != "None"
|
||||
@secret = token.to_s
|
||||
end
|
||||
|
||||
else
|
||||
@kind = "undefined"
|
||||
@project = "undefined"
|
||||
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
def check?(token)
|
||||
pp token
|
||||
pp @secret
|
||||
if @kind == "github"
|
||||
data = JSON.parse(@content).to_json
|
||||
given_secret = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, @secret, data)
|
||||
end
|
||||
|
||||
token == @secret
|
||||
end
|
||||
end
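Review bot: `check?` never uses the HMAC it computes: in the GitHub branch `given_secret` is assigned and then dropped, and the method ends with `token == @secret`, which compares the stored token to the raw `X-Hub-Signature` header value. The HMAC is also keyed with `@secret` (the header value) instead of the stored token, and it is computed over `JSON.parse(@content).to_json` rather than the raw body, so it would not reproduce the sender's signature even if it were compared. The two `pp` calls write the stored token and the received secret to the process output and should be removed. Because `@secret` defaults to `""`, a request that carries no secret should be rejected explicitly, and the final comparison should be constant-time (this needs `require "crypto/subtle"` next to the other requires).

```crystal
def check?(token)
  # An empty stored token or an absent request secret must never authenticate.
  return false if token.empty? || @secret.empty?

  expected = token
  if @kind == "github"
    # GitHub signs the raw request body, using the shared secret as the HMAC key.
    expected = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, token, @content)
  end

  Crypto::Subtle.constant_time_compare(expected, @secret)
end
```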
|
||||
|
|
|
@ -65,6 +65,7 @@ server = HTTP::Server.new do |context|
|
|||
|
||||
path_project = storage + "/" + payload.project
|
||||
path_scriptfile = path_project + "/" + scriptname
|
||||
path_token = path_project + "/token"
|
||||
path_jsonfile = path_project + "/" + jsonfile
|
||||
|
||||
scriptfile = scriptname
|
||||
|
@ -73,7 +74,9 @@ server = HTTP::Server.new do |context|
|
|||
|
||||
if File.exists?(path_project) == false
|
||||
STDERR.puts "ERROR: Project #{payload.project} not found"
|
||||
status = false
|
||||
else
|
||||
if !payload.check?(File.read_lines(path_token)[0])
|
||||
STDERR.puts "ERROR: Secret token not valid"
|
||||
else
|
||||
if File.exists?(path_scriptfile) == false
|
||||
scriptfile = path_project + "/../../../" + scriptfile_default
|
||||
|
@ -83,6 +86,7 @@ server = HTTP::Server.new do |context|
|
|||
status = Process.run command: "zsh", args: [scriptfile], shell: true,
|
||||
error: STDERR, output: STDOUT, chdir: path_project
|
||||
end
|
||||
end
|
||||
|
||||
context.response.content_type = "text/plain"
|
||||
if status
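Review bot: The invalid-token branch only prints `ERROR: Secret token not valid` and, unlike the project-not-found branch above it, does not set `status = false`, so whatever `status` held before (its initialisation is outside the hunk) decides the response; add `status = false` there. `File.read_lines(path_token)[0]` raises when the token file is missing or empty, which should count as a failed check rather than an unhandled exception in the handler. `path_token` is built from `payload.project`, which comes from the request body before any authentication, so the project name should be validated (no `..` segments, no absolute path) before it is joined onto `storage`. The enclosing `HTTP::Server.new do |context|` block starts and ends outside these hunks.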
|
||||
|
|