alvierahman90/gohookr
1
1
Fork 0
mirror of https://github.com/alvierahman90/gohookr.git synced 2024-11-22 08:49:53 +00:00
Code Issues 1 Projects Releases Wiki Activity

fix signature comparison logic

Browse Source
This commit is contained in:
Akbar Rahman 2021-07-29 08:29:37 +01:00
parent 3fa2c958f7
commit fd93cc4fb1
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
main.go
View File

@ -17,7 +17,7 @@ import (
) )
var config_filename = "/etc/gohookr.json" var config_filename = "/etc/gohookr.json"
var noSignatureCheck = false var checkSignature = true
func main() { func main() {
r := mux.NewRouter() r := mux.NewRouter()
@ -33,7 +33,7 @@ func main() {
} }
if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok { if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok {
noSignatureCheck = p == "true" checkSignature = p != "true"
} }
log.Fatal(http.ListenAndServe(port, r)) log.Fatal(http.ListenAndServe(port, r))
@ -66,7 +66,9 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
// Verify that signature provided matches signature calculated using secretsss // Verify that signature provided matches signature calculated using secretsss
signature := r.Header.Get(service.SignatureHeader) signature := r.Header.Get(service.SignatureHeader)
calculatedSignature := getSha256HMACSignature([]byte(service.Secret), payload) calculatedSignature := getSha256HMACSignature([]byte(service.Secret), payload)
if noSignatureCheck || signature == calculatedSignature { fmt.Printf("signature = %v\n", signature)
fmt.Printf("calcuatedSignature = %v\n", signature)
if signature != calculatedSignature && checkSignature{
writeResponse(w, 400, "Bad Request: Signatures do not match") writeResponse(w, 400, "Bad Request: Signatures do not match")
return return
} }