mirror of
https://github.com/alvierahman90/gohookr.git
synced 2024-11-21 17:29:53 +00:00
Add support for individually disabling signature verification
This commit is contained in:
parent
f2b2ac9368
commit
39fe4748e1
@ -6,8 +6,7 @@
|
||||
"Program": "./example.sh",
|
||||
"AppendPayload": true
|
||||
},
|
||||
"Secret": "THISISVERYSECRET",
|
||||
"SignatureHeader": "X-Gitea-Signature",
|
||||
"DisableSignatureVerification": true,
|
||||
"Tests": [
|
||||
{
|
||||
"Program": "echo",
|
||||
|
@ -4,11 +4,12 @@ package config
|
||||
type Config struct {
|
||||
ListenAddress string
|
||||
Services map[string]struct {
|
||||
Script Command
|
||||
Secret string
|
||||
SignaturePrefix string
|
||||
SignatureHeader string
|
||||
Tests []Command
|
||||
Script Command
|
||||
Secret string
|
||||
SignaturePrefix string
|
||||
SignatureHeader string
|
||||
DisableSignatureVerification bool
|
||||
Tests []Command
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,10 +23,10 @@ func (c Config) Validate() error {
|
||||
if service.Script.Program == "" {
|
||||
return requiredFieldError{"Script.Program", serviceName}
|
||||
}
|
||||
if service.SignatureHeader == "" {
|
||||
if !service.DisableSignatureVerification && service.SignatureHeader == "" {
|
||||
return requiredFieldError{"SignatureHeader", serviceName}
|
||||
}
|
||||
if service.Secret == "" {
|
||||
if !service.DisableSignatureVerification && service.Secret == "" {
|
||||
return requiredFieldError{"Secret", serviceName}
|
||||
}
|
||||
}
|
||||
|
3
main.go
3
main.go
@ -75,7 +75,8 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
|
||||
)
|
||||
fmt.Printf("signature = %v\n", signature)
|
||||
fmt.Printf("calcuatedSignature = %v\n", calculatedSignature)
|
||||
if signature != calculatedSignature && checkSignature {
|
||||
if service.DisableSignatureVerification ||
|
||||
(signature != calculatedSignature && checkSignature) {
|
||||
writeResponse(w, 400, "Bad Request: Signatures do not match")
|
||||
fmt.Println("Signatures do not match!")
|
||||
return
|
||||
|
@ -27,7 +27,9 @@ For GitHub it would be `sha256=`.
|
||||
|
||||
### Disable Signature Verification
|
||||
|
||||
You can disable signature verification altogether by setting environment variable
|
||||
You can disable signature verification by setting `DisableSignatureVerification` for a service to `true`.
|
||||
|
||||
You can disable signature verification for all services by setting environment variable
|
||||
`NO_SIGNATURE_VERIFICATION` to `true`.
|
||||
|
||||
## Writing Commands
|
||||
@ -63,8 +65,7 @@ An example config file can be found [here](./config.json) but also below:
|
||||
"Program": "./example.sh",
|
||||
"AppendPayload": true
|
||||
},
|
||||
"Secret": "THISISVERYSECRET",
|
||||
"SignatureHeader": "X-Gitea-Signature",
|
||||
"DisableSignatureVerification": true,
|
||||
"Tests": [
|
||||
{
|
||||
"Program": "echo",
|
||||
|
Loading…
Reference in New Issue
Block a user