From 23732bbfe0ed8c4920bd7188b700f63ed5612b51 Mon Sep 17 00:00:00 2001
From: jazzari
Date: Mon, 14 Aug 2023 12:50:18 -0300
Subject: [PATCH] feat: add method to validate token from diff platforms in webhooks controller #13903

---
 app/controllers/api/v1/webhooks_controller.rb | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb
index 1933f24e..091d467e 100644
--- a/app/controllers/api/v1/webhooks_controller.rb
+++ b/app/controllers/api/v1/webhooks_controller.rb
@@ -10,10 +10,32 @@ module Api
         @site ||= Site.find_by_name!(params[:site_id])
       end
 
-      # valida la plataforma del webhook
+      # valida el token que envĂ­a la plataforma del webhook
+      def token
+        @token ||=
+          begin
+            # Gitlab
+            if request.headers['X-Gitlab-Token']
+              request.headers["X-Gitlab-Token"]
+            # Github
+            elsif request.headers['X-HUB-SIGNATURE-256']
+              signature(request.env['HTTP_X_HUB_SIGNATURE_256'])
+            # Guitea
+            else
+              signature(request.env['HTTP_X_GITEA_SIGNATURE'])
+            end
+          end
+      end
+
+      def token_from_signature(signature)
+        payload = request.body.read
+        site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
+          new_signature = hash_mac(OpenSSL::Digest.new('sha256'), token, payload)
+          @token ||= Rack::Utils.secure_compare(new_signature, signature)
+        end
+      end
+
       def usuarie
-        # Gitlab
-        token = request.headers["X-Gitlab-Token"]
         @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
       end
 
@@ -23,6 +45,7 @@ module Api
         message = I18n.with_locale(site.default_locale) do
           I18n.t('webhooks.pull.message')
         end
+
         GitPullJob.perform_later(site, usuarie, message)
       end
 
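Review bot: The two signature branches of `token` call `signature(...)`, but the helper the hunk defines is `token_from_signature`, and `hash_mac` is not defined anywhere in the hunk either, so unless both exist elsewhere in the controller (whose class header is outside this hunk) the GitHub and Gitea paths raise NoMethodError before any token is checked; the calls should read `token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'])` and `token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE'])`. Inside `token_from_signature` the HMAC is compared against the raw header value, yet GitHub's `X-Hub-Signature-256` carries a `sha256=` prefix in front of the hex digest, so that comparison can never succeed for GitHub, and when neither header is present the Gitea fallback passes `nil` into `secure_compare`, which errors instead of rejecting the request. Assigning the boolean result of `secure_compare` to `@token` inside the `find` block is also confusing: `find` already returns the matching token string, and the outer `@token ||=` in `token` then overwrites whatever was stored. The rewrite below strips the prefix, rejects a missing signature early so `usuarie`'s `find_by!` fails cleanly on a `nil` token, reads the payload via `request.raw_post` (reading `request.body` directly presumably leaves the stream unrewound for params parsing — confirm), and lets `find` return the matching token.
```ruby
      def token_from_signature(signature)
        return if signature.blank?

        # GitHub prefixes its hex digest with "sha256="; Gitea sends the bare digest
        signature = signature.delete_prefix('sha256=')
        payload = request.raw_post
        site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
          expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
          Rack::Utils.secure_compare(expected, signature)
        end
      end
```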