
fix: add rescue in token_from_signature method #13903

This commit is contained in:
jazzari 2023-08-15 19:25:06 -03:00
parent c5406acb26
commit aeb2105dc7


@ -9,6 +9,8 @@ module Api
# Trae los cambios a partir de un post de Webhooks:
# (Gitlab, Github, Gitea, etc)
#
# @return [nil]
def pull
message = I18n.with_locale(site.default_locale) do
I18n.t('webhooks.pull.message')
@ -36,22 +38,27 @@ module Api
request.headers['X-Gitlab-Token']
# Github
elsif request.headers['X-HUB-SIGNATURE-256']
request.env['HTTP_X_HUB_SIGNATURE_256']
token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'])
# Gitea
else
request.env['HTTP_X_GITEA_SIGNATURE']
token_from_signatureq(request.env['HTTP_X_GITEA_SIGNATURE'])
end
end
end
# valida token a partir de firma de webhook
#
# @return [String]
# @return [String, Boolean]
def token_from_signature(signature)
payload = request.body.read
site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
ActiveSupport::SecurityUtils.secure_compare(new_signature, signature)
end.tap do |t|
raise ArgumentError, 'token no encontrado' if t.nil?
rescue ArgumentError => e
ExceptionNotifier.notify_exception(e, data: { params: params.to_h })
raise ActiveRecord::RecordNotFound
end
end
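Review bot: The Gitea branch now calls `token_from_signatureq(...)`, which does not exist, so every Gitea webhook will fail with NoMethodError instead of being validated; the line should read `token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE'])`, matching the GitHub branch above it. Even with the name corrected, the GitHub and Gitea headers are compared against the same `'sha256=' + hexdigest` form; as far as I know Gitea sends the bare hex digest without the `sha256=` prefix, so that branch would still never match — worth confirming against a real Gitea delivery before relying on it. The updated doc comment `# @return [String, Boolean]` also looks wrong: the visible body either returns the matching token String or raises ActiveRecord::RecordNotFound, and no path returns a Boolean, so `# @return [String]` plus `# @raise [ActiveRecord::RecordNotFound] si la firma no coincide con ningún token` would describe it accurately. The enclosing controller class starts outside this hunk.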