diff mod_pubsub_github/mod_pubsub_github.lua @ 3264:f48bedd1d433

mod_pubsub_github: Add support for signed requests
author Kim Alvefur <zash@zash.se>
date Fri, 24 Aug 2018 17:49:53 +0200
parents a65f4297264b
children d4207ab8ccc1
--- a/mod_pubsub_github/mod_pubsub_github.lua	Fri Aug 24 17:46:47 2018 +0200
+++ b/mod_pubsub_github/mod_pubsub_github.lua	Fri Aug 24 17:49:53 2018 +0200
@@ -3,12 +3,17 @@
 local st = require "util.stanza";
 local json = require "util.json";
 local formdecode = require "net.http".formdecode;
+local hmac_sha1 = require "util.hashes".hmac_sha1;
 
 local pubsub_service = module:depends("pubsub").service;
 local node = module:get_option("github_node", "github");
+local secret = module:get_option("github_secret");
 
 function handle_POST(event)
 	local request = event.request;
+	if secret and ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
+		return 401;
+	end
 	local data = json.decode(request.body);
 	if not data then
 		return "Invalid JSON. From you of all people...";
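Review bot: The added check in handle_POST compares the computed HMAC with the `X-Hub-Signature` header using plain `~=`, which is not guaranteed to run in constant time and so can leak how much of a forged signature matched. If the Prosody version in use provides a constant-time helper in util.hashes, prefer it, e.g. `if secret and not hashes.equals("sha1=" .. hmac_sha1(secret, request.body, true), request.headers.x_hub_signature or "") then`, with `local hashes = require "util.hashes";` at the top. Separately, the check is skipped entirely when `github_secret` is unset, so an unconfigured deployment still accepts any POST. A load-time `module:log("warn", "github_secret is not set, webhook requests are not authenticated");` and a comment above the `secret` option stating this would make the fail-open default visible to operators. handle_POST continues past the end of this hunk, so later handling of `data` is not reviewed here.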