5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-17 08:16:29 +00:00

feat: add method to validate token from diff platforms in webhooks controller #13903
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

This commit is contained in:
jazzari 2023-08-14 12:50:18 -03:00
parent 63fd91ee48
commit 23732bbfe0

View file

@ -10,10 +10,32 @@ module Api
@site ||= Site.find_by_name!(params[:site_id])
end
# valida la plataforma del webhook
# valida el token que envía la plataforma del webhook
def token
@token ||=
begin
# Gitlab
if request.headers['X-Gitlab-Token']
request.headers["X-Gitlab-Token"]
# Github
elsif request.headers['X-HUB-SIGNATURE-256']
signature(request.env['HTTP_X_HUB_SIGNATURE_256'])
# Guitea
else
signature(request.env['HTTP_X_GITEA_SIGNATURE'])
end
end
end
def token_from_signature(signature)
payload = request.body.read
site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
new_signature = hash_mac(OpenSSL::Digest.new('sha256'), token, payload)
@token ||= Rack::Utils.secure_compare(new_signature, signature)
end
end
def usuarie
# Gitlab
token = request.headers["X-Gitlab-Token"]
@usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
end
@ -23,6 +45,7 @@ module Api
message = I18n.with_locale(site.default_locale) do
I18n.t('webhooks.pull.message')
end
GitPullJob.perform_later(site, usuarie, message)
end