Add support for individually disabling signature verification

This commit is contained in:
Akbar Rahman 2021-08-14 01:02:36 +01:00
parent f2b2ac9368
commit 39fe4748e1
4 changed files with 15 additions and 13 deletions

View File

@ -6,8 +6,7 @@
"Program": "./example.sh", "Program": "./example.sh",
"AppendPayload": true "AppendPayload": true
}, },
"Secret": "THISISVERYSECRET", "DisableSignatureVerification": true,
"SignatureHeader": "X-Gitea-Signature",
"Tests": [ "Tests": [
{ {
"Program": "echo", "Program": "echo",

View File

@ -8,6 +8,7 @@ type Config struct {
Secret string Secret string
SignaturePrefix string SignaturePrefix string
SignatureHeader string SignatureHeader string
DisableSignatureVerification bool
Tests []Command Tests []Command
} }
} }
@ -22,10 +23,10 @@ func (c Config) Validate() error {
if service.Script.Program == "" { if service.Script.Program == "" {
return requiredFieldError{"Script.Program", serviceName} return requiredFieldError{"Script.Program", serviceName}
} }
if service.SignatureHeader == "" { if !service.DisableSignatureVerification && service.SignatureHeader == "" {
return requiredFieldError{"SignatureHeader", serviceName} return requiredFieldError{"SignatureHeader", serviceName}
} }
if service.Secret == "" { if !service.DisableSignatureVerification && service.Secret == "" {
return requiredFieldError{"Secret", serviceName} return requiredFieldError{"Secret", serviceName}
} }
} }

View File

@ -75,7 +75,8 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
) )
fmt.Printf("signature = %v\n", signature) fmt.Printf("signature = %v\n", signature)
fmt.Printf("calcuatedSignature = %v\n", calculatedSignature) fmt.Printf("calcuatedSignature = %v\n", calculatedSignature)
if signature != calculatedSignature && checkSignature { if service.DisableSignatureVerification ||
(signature != calculatedSignature && checkSignature) {
writeResponse(w, 400, "Bad Request: Signatures do not match") writeResponse(w, 400, "Bad Request: Signatures do not match")
fmt.Println("Signatures do not match!") fmt.Println("Signatures do not match!")
return return

View File

@ -27,7 +27,9 @@ For GitHub it would be `sha256=`.
### Disable Signature Verification ### Disable Signature Verification
You can disable signature verification altogether by setting environment variable You can disable signature verification by setting `DisableSignatureVerification` for a service to `true`.
You can disable signature verification for all services by setting environment variable
`NO_SIGNATURE_VERIFICATION` to `true`. `NO_SIGNATURE_VERIFICATION` to `true`.
## Writing Commands ## Writing Commands
@ -63,8 +65,7 @@ An example config file can be found [here](./config.json) but also below:
"Program": "./example.sh", "Program": "./example.sh",
"AppendPayload": true "AppendPayload": true
}, },
"Secret": "THISISVERYSECRET", "DisableSignatureVerification": true,
"SignatureHeader": "X-Gitea-Signature",
"Tests": [ "Tests": [
{ {
"Program": "echo", "Program": "echo",