Add signatures to webhooks (#6428)
parent
909feaafa7
commit
22d3d029e6
|
@ -6,7 +6,10 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/sha256"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
@ -101,6 +104,7 @@ type Webhook struct {
|
||||||
RepoID int64 `xorm:"INDEX"`
|
RepoID int64 `xorm:"INDEX"`
|
||||||
OrgID int64 `xorm:"INDEX"`
|
OrgID int64 `xorm:"INDEX"`
|
||||||
URL string `xorm:"url TEXT"`
|
URL string `xorm:"url TEXT"`
|
||||||
|
Signature string `xorm:"TEXT"`
|
||||||
ContentType HookContentType
|
ContentType HookContentType
|
||||||
Secret string `xorm:"TEXT"`
|
Secret string `xorm:"TEXT"`
|
||||||
Events string `xorm:"TEXT"`
|
Events string `xorm:"TEXT"`
|
||||||
|
@ -529,6 +533,7 @@ type HookTask struct {
|
||||||
UUID string
|
UUID string
|
||||||
Type HookTaskType
|
Type HookTaskType
|
||||||
URL string `xorm:"TEXT"`
|
URL string `xorm:"TEXT"`
|
||||||
|
Signature string `xorm:"TEXT"`
|
||||||
api.Payloader `xorm:"-"`
|
api.Payloader `xorm:"-"`
|
||||||
PayloadContent string `xorm:"TEXT"`
|
PayloadContent string `xorm:"TEXT"`
|
||||||
ContentType HookContentType
|
ContentType HookContentType
|
||||||
|
@ -657,11 +662,23 @@ func prepareWebhook(e Engine, w *Webhook, repo *Repository, event HookEventType,
|
||||||
payloader = p
|
payloader = p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var signature string
|
||||||
|
if len(w.Secret) > 0 {
|
||||||
|
data, err := payloader.JSONPayload()
|
||||||
|
if err != nil {
|
||||||
|
log.Error(2, "prepareWebhooks.JSONPayload: %v", err)
|
||||||
|
}
|
||||||
|
sig := hmac.New(sha256.New, []byte(w.Secret))
|
||||||
|
sig.Write(data)
|
||||||
|
signature = hex.EncodeToString(sig.Sum(nil))
|
||||||
|
}
|
||||||
|
|
||||||
if err = createHookTask(e, &HookTask{
|
if err = createHookTask(e, &HookTask{
|
||||||
RepoID: repo.ID,
|
RepoID: repo.ID,
|
||||||
HookID: w.ID,
|
HookID: w.ID,
|
||||||
Type: w.HookTaskType,
|
Type: w.HookTaskType,
|
||||||
URL: w.URL,
|
URL: w.URL,
|
||||||
|
Signature: signature,
|
||||||
Payloader: payloader,
|
Payloader: payloader,
|
||||||
ContentType: w.ContentType,
|
ContentType: w.ContentType,
|
||||||
EventType: event,
|
EventType: event,
|
||||||
|
@ -712,8 +729,10 @@ func (t *HookTask) deliver() {
|
||||||
req := httplib.Post(t.URL).SetTimeout(timeout, timeout).
|
req := httplib.Post(t.URL).SetTimeout(timeout, timeout).
|
||||||
Header("X-Gitea-Delivery", t.UUID).
|
Header("X-Gitea-Delivery", t.UUID).
|
||||||
Header("X-Gitea-Event", string(t.EventType)).
|
Header("X-Gitea-Event", string(t.EventType)).
|
||||||
|
Header("X-Gitea-Signature", t.Signature).
|
||||||
Header("X-Gogs-Delivery", t.UUID).
|
Header("X-Gogs-Delivery", t.UUID).
|
||||||
Header("X-Gogs-Event", string(t.EventType)).
|
Header("X-Gogs-Event", string(t.EventType)).
|
||||||
|
Header("X-Gogs-Signature", t.Signature).
|
||||||
HeaderWithSensitiveCase("X-GitHub-Delivery", t.UUID).
|
HeaderWithSensitiveCase("X-GitHub-Delivery", t.UUID).
|
||||||
HeaderWithSensitiveCase("X-GitHub-Event", string(t.EventType)).
|
HeaderWithSensitiveCase("X-GitHub-Event", string(t.EventType)).
|
||||||
SetTLSClientConfig(&tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify})
|
SetTLSClientConfig(&tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify})
|
||||||
|
|
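Review bot: In the prepareWebhook hunk, a failed `payloader.JSONPayload()` is only logged, so execution continues, the HMAC is computed over a nil `data`, and that value is stored as the task's signature; a receiver would then see an `X-Gitea-Signature`/`X-Gogs-Signature` that does not match the body it got. Returning from the error branch, e.g. `return fmt.Errorf("prepareWebhook.JSONPayload: %v", err)`, avoids queuing a mis-signed task (the error return is inferred from the later `if err = createHookTask(` line; the function's signature and end are outside the hunk). The signature is also derived from this call's bytes rather than from the `PayloadContent` that is actually delivered, which is populated outside the visible lines, so it would be safer to sign the stored bytes or confirm that both serializations are byte-identical for every content type. In deliver(), both signature headers are sent even when `t.Signature` is empty; a short comment there stating that an empty value means the hook has no secret would help receivers avoid treating it as a valid signature.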