From 5b4c7ab8860045f8b8864a7d25d970f6c3d08d53 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Wed, 30 Sep 2020 14:31:33 +0200
Subject: [PATCH] Enhancement: Added functionality to send X-Hub-Signature
 header with outgoing UserAgent requests to enable recipient to verify the
 integrity of the request body.

---
 lib/user_agent.rb | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lib/user_agent.rb b/lib/user_agent.rb
index ce4a82095..5a7c09181 100644
--- a/lib/user_agent.rb
+++ b/lib/user_agent.rb
@@ -59,6 +59,9 @@ returns
     # set params
     request = set_params(request, params, options)
 
+    # add signature
+    request = set_signature(request, options)
+
     # start http call
     begin
       total_timeout = options[:total_timeout] || 60
@@ -118,6 +121,9 @@ returns
     # http basic auth (if needed)
     request = set_basic_auth(request, options)
 
+    # add signature
+    request = set_signature(request, options)
+
     # start http call
     begin
       total_timeout = options[:total_timeout] || 60
@@ -176,6 +182,9 @@ returns
     # http basic auth (if needed)
     request = set_basic_auth(request, options)
 
+    # add signature
+    request = set_signature(request, options)
+
     # start http call
     begin
       total_timeout = options[:total_timeout] || 60
@@ -227,6 +236,9 @@ returns
     # http basic auth (if needed)
     request = set_basic_auth(request, options)
 
+    # add signature
+    request = set_signature(request, options)
+
     # start http call
     begin
       total_timeout = options[:total_timeout] || 60
@@ -359,6 +371,16 @@ returns
     request
   end
 
+  def self.set_signature(request, options)
+    return request if options[:signature_token].blank?
+    return request if request.body.blank?
+
+    signature = OpenSSL::HMAC.hexdigest('sha1', options[:signature_token], request.body)
+    request['X-Hub-Signature'] = "sha1=#{signature}"
+
+    request
+  end
+
   def self.log(url, request, response, options)
     return if !options[:log]