diff options
| author | techknowlogick <matti@mdranta.net> | 2019-03-25 20:08:55 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-25 20:08:55 -0400 |
| commit | 22d3d029e6f7e6359f3a6fbe8b7827b579ac7445 (patch) | |
| tree | b240bfdb67000f97566e1de7248ca4c98cb38b6b | |
| parent | 909feaafa7ca1a2529a381b2ff19c02f99e0153e (diff) | |
| download | gitea-22d3d029e6f7e6359f3a6fbe8b7827b579ac7445.tar.gz gitea-22d3d029e6f7e6359f3a6fbe8b7827b579ac7445.zip | |
Add signatures to webhooks (#6428)
| -rw-r--r-- | models/webhook.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/models/webhook.go b/models/webhook.go index 1c6fc45ae3..cb5b5c7c97 100644 --- a/models/webhook.go +++ b/models/webhook.go @@ -6,7 +6,10 @@ package models import ( + "crypto/hmac" + "crypto/sha256" "crypto/tls" + "encoding/hex" "encoding/json" "fmt" "io/ioutil" @@ -101,6 +104,7 @@ type Webhook struct { RepoID int64 `xorm:"INDEX"` OrgID int64 `xorm:"INDEX"` URL string `xorm:"url TEXT"` + Signature string `xorm:"TEXT"` ContentType HookContentType Secret string `xorm:"TEXT"` Events string `xorm:"TEXT"` @@ -529,6 +533,7 @@ type HookTask struct { UUID string Type HookTaskType URL string `xorm:"TEXT"` + Signature string `xorm:"TEXT"` api.Payloader `xorm:"-"` PayloadContent string `xorm:"TEXT"` ContentType HookContentType @@ -657,11 +662,23 @@ func prepareWebhook(e Engine, w *Webhook, repo *Repository, event HookEventType, payloader = p } + var signature string + if len(w.Secret) > 0 { + data, err := payloader.JSONPayload() + if err != nil { + log.Error(2, "prepareWebhooks.JSONPayload: %v", err) + } + sig := hmac.New(sha256.New, []byte(w.Secret)) + sig.Write(data) + signature = hex.EncodeToString(sig.Sum(nil)) + } + if err = createHookTask(e, &HookTask{ RepoID: repo.ID, HookID: w.ID, Type: w.HookTaskType, URL: w.URL, + Signature: signature, Payloader: payloader, ContentType: w.ContentType, EventType: event, @@ -712,8 +729,10 @@ func (t *HookTask) deliver() { req := httplib.Post(t.URL).SetTimeout(timeout, timeout). Header("X-Gitea-Delivery", t.UUID). Header("X-Gitea-Event", string(t.EventType)). + Header("X-Gitea-Signature", t.Signature). Header("X-Gogs-Delivery", t.UUID). Header("X-Gogs-Event", string(t.EventType)). + Header("X-Gogs-Signature", t.Signature). HeaderWithSensitiveCase("X-GitHub-Delivery", t.UUID). HeaderWithSensitiveCase("X-GitHub-Event", string(t.EventType)). SetTLSClientConfig(&tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify}) |