Add ability to disable signature verification

Akbar Rahman 2021-07-29 07:23:43 +01:00
parent 9fca2cefa3
commit cd2c0ff0fe


@ -17,6 +17,7 @@ import (
)
var config_filename = "/etc/ghookr.json"
var noSignatureCheck = false
func main() {
// Used for testing purposes... generates hmac string
@ -41,6 +42,10 @@ func main() {
config_filename = p
}
if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok {
noSignatureCheck = p == "true"
}
log.Fatal(http.ListenAndServe(port, r))
}
@ -73,8 +78,10 @@ func webhook(w http.ResponseWriter, r *http.Request) {
service = val
}
// Verify that signature provided matches signature calculated using secretsss
signature := r.Header.Get(service.SignatureHeader)
if signature == getSha256HMACSignature([]byte(service.Secret), payload) {
calculatedSignature := getSha256HMACSignature([]byte(service.Secret), payload)
if noSignatureCheck || signature == calculatedSignature {
writeResponse(w, 400, "Bad Request: Signatures do not match")
return
}
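Review bot: In the webhook hunk the new condition `if noSignatureCheck || signature == calculatedSignature {` guards the 400 "Signatures do not match" branch, so as rendered here it rejects every request once NO_SIGNATURE_CHECK is "true" and also rejects requests whose signature matches. The guard presumably intended is `if !noSignatureCheck && !hmac.Equal([]byte(signature), []byte(calculatedSignature)) {`, which additionally replaces the string `==` with a constant-time comparison (this assumes crypto/hmac is already imported for getSha256HMACSignature; the import block is outside the hunk). Since the flag removes authentication of webhook callers altogether, main should make that visible at startup, for example `log.Println("WARNING: NO_SIGNATURE_CHECK=true, webhook signatures are not verified")`, and the variable deserves a comment stating it is for testing only. The body of webhook starts and continues outside the hunk, so the accepted-request path could not be checked.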