comparison mod_pubsub_github/mod_pubsub_github.lua @ 3520:37e89a76c7d7

mod_pubsub_github: Lift signature validation from mod_pubsub_post
author Kim Alvefur <zash@zash.se>
date Sun, 31 Mar 2019 18:21:22 +0200
parents ac623080324a
children a200fbce0ecb
3519:ac623080324a 3520:37e89a76c7d7
1 module:depends("http"); 1 module:depends("http");
2 2
3 local st = require "util.stanza"; 3 local st = require "util.stanza";
4 local json = require "util.json"; 4 local json = require "util.json";
5 local hmac_sha1 = require "util.hashes".hmac_sha1; 5 local hashes = require "util.hashes";
6 local from_hex = require "util.hex".from;
7 local hmacs = {
8 sha1 = hashes.hmac_sha1;
9 sha256 = hashes.hmac_sha256;
10 sha384 = hashes.hmac_sha384;
11 sha512 = hashes.hmac_sha512;
12 };
6 13
7 local pubsub_service = module:depends("pubsub").service; 14 local pubsub_service = module:depends("pubsub").service;
8 local default_node = module:get_option("github_node", "github"); 15 local default_node = module:get_option("github_node", "github");
9 local node_prefix = module:get_option_string("github_node_prefix", "github/"); 16 local node_prefix = module:get_option_string("github_node_prefix", "github/");
10 local node_mapping = module:get_option_string("github_node_mapping"); 17 local node_mapping = module:get_option_string("github_node_mapping");
18 ["item-not-found"] = 404; 25 ["item-not-found"] = 404;
19 ["internal-server-error"] = 500; 26 ["internal-server-error"] = 500;
20 ["conflict"] = 409; 27 ["conflict"] = 409;
21 }; 28 };
22 29
30 local function verify_signature(secret, body, signature)
31 if not signature then return false; end
32 local algo, digest = signature:match("^([^=]+)=(%x+)");
33 if not algo then return false; end
34 local hmac = hmacs[algo];
35 if not algo then return false; end
36 return hmac(secret, body) == from_hex(digest);
37 end
38
23 function handle_POST(event) 39 function handle_POST(event)
24 local request, response = event.request, event.response; 40 local request, response = event.request, event.response;
25 if ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then 41
42 if not verify_signature(secret, request.body, request.headers.x_hub_signature) then
43 module:log("debug", "Signature validation failed");
26 return 401; 44 return 401;
27 end 45 end
28 local data = json.decode(request.body); 46 local data = json.decode(request.body);
29 if not data then 47 if not data then
30 response.status_code = 400; 48 response.status_code = 400;
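Review bot: In the added `verify_signature`, the guard after `local hmac = hmacs[algo];` tests `algo` a second time instead of `hmac`, so an `X-Hub-Signature` header naming an algorithm that is not in the `hmacs` table reaches `hmac(secret, body)` with `hmac` nil and raises an error instead of returning false; the line should read `if not hmac then return false; end`. Because this runs before authentication succeeds, any sender can trigger that error path. The pattern `^([^=]+)=(%x+)` also has no end anchor, so trailing non-hex characters after the digest are silently ignored; ending it with `$` would reject them. The digest is compared with `==`, which is not constant-time, so a constant-time comparison is preferable for the MAC check if the Prosody version in use provides one. `handle_POST` continues beyond the end of this section.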