From d66fd384d78cf35d364776962167474b207ffc11 Mon Sep 17 00:00:00 2001 From: oatakan Date: Tue, 8 Jun 2021 17:41:20 -0500 Subject: [PATCH 1/5] Add X-Hub-Signature header to webhook deliveries --- models/webhook.go | 2 ++ services/webhook/deliver.go | 1 + services/webhook/webhook.go | 36 ++++++++++++++++++++++++++---------- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/models/webhook.go b/models/webhook.go index 24510cc6f757b..cdc6dec5f693f 100644 --- a/models/webhook.go +++ b/models/webhook.go @@ -127,6 +127,7 @@ type Webhook struct { IsSystemWebhook bool URL string `xorm:"url TEXT"` Signature string `xorm:"TEXT"` + SignatureGitub string `xorm:"TEXT"` HTTPMethod string `xorm:"http_method"` ContentType HookContentType Secret string `xorm:"TEXT"` @@ -654,6 +655,7 @@ type HookTask struct { Typ HookTaskType `xorm:"VARCHAR(16) index"` URL string `xorm:"TEXT"` Signature string `xorm:"TEXT"` + SignatureGithub string `xorm:"TEXT"` api.Payloader `xorm:"-"` PayloadContent string `xorm:"TEXT"` HTTPMethod string `xorm:"http_method"` diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go index a417a9e846d49..ac0824c5b16d4 100644 --- a/services/webhook/deliver.go +++ b/services/webhook/deliver.go @@ -97,6 +97,7 @@ func Deliver(t *models.HookTask) error { req.Header.Add("X-Gogs-Delivery", t.UUID) req.Header.Add("X-Gogs-Event", t.EventType.Event()) req.Header.Add("X-Gogs-Signature", t.Signature) + req.Header.Add("X-Hub-Signature", t.SignatureGithub) req.Header["X-GitHub-Delivery"] = []string{t.UUID} req.Header["X-GitHub-Event"] = []string{t.EventType.Event()} diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go index cc79ec15d1d7a..6ed4cd6ba3a7d 100644 --- a/services/webhook/webhook.go +++ b/services/webhook/webhook.go @@ -6,6 +6,7 @@ package webhook import ( "crypto/hmac" + "crypto/sha1" "crypto/sha256" "encoding/hex" "fmt" 
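Review bot: The field added to `Webhook` in the first models/webhook.go hunk is spelled `SignatureGitub`, and nothing in this series reads or writes it; `prepareWebhook` only fills `HookTask.SignatureGithub`. PATCH 5/5 renames the `HookTask` field to `SignatureSHA1` but leaves this one behind, so the webhook table would presumably gain an unused TEXT column through the xorm mapping. Unless code outside this series needs it, I would drop the line from `Webhook`. The diffstat also lists no schema migration for the new `HookTask` column, so confirm whether the project requires one. Both struct definitions continue outside the hunks.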
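Review bot: The `X-Hub-Signature` line added in Deliver gives GitHub-style receivers only the HMAC-SHA1 form, while GitHub also sends `X-Hub-Signature-256` and recommends verifying that one. The SHA-256 digest seems to be available already as `t.Signature`, but the block that computes it sits above the prepareWebhook hunk and is not fully visible, so confirm it is a hex HMAC-SHA256 over the same payload. If it is, adding `req.Header.Add("X-Hub-Signature-256", "sha256="+t.Signature)` next to this line would let receivers use the stronger header without a new column. Deliver's body continues outside the hunk.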
@@ -179,17 +180,32 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo signature = hex.EncodeToString(sig.Sum(nil)) } + var signaturegithub string + if len(w.Secret) > 0 { + data, err := payloader.JSONPayload() + if err != nil { + log.Error("prepareWebhooks.JSONPayload: %v", err) + } + sig := hmac.New(sha1.New, []byte(w.Secret)) + _, err = sig.Write(data) + if err != nil { + log.Error("prepareWebhooks.sigWrite: %v", err) + } + signaturegithub = "sha1=" + hex.EncodeToString(sig.Sum(nil)) + } + if err = models.CreateHookTask(&models.HookTask{ - RepoID: repo.ID, - HookID: w.ID, - Typ: w.Type, - URL: w.URL, - Signature: signature, - Payloader: payloader, - HTTPMethod: w.HTTPMethod, - ContentType: w.ContentType, - EventType: event, - IsSSL: w.IsSSL, + RepoID: repo.ID, + HookID: w.ID, + Typ: w.Type, + URL: w.URL, + Signature: signature, + SignatureGithub: signaturegithub, + Payloader: payloader, + HTTPMethod: w.HTTPMethod, + ContentType: w.ContentType, + EventType: event, + IsSSL: w.IsSSL, }); err != nil { return fmt.Errorf("CreateHookTask: %v", err) } From 234318dcac914bb1841b65bfa79081be33c0511f Mon Sep 17 00:00:00 2001 From: oatakan Date: Tue, 8 Jun 2021 19:49:07 -0500 Subject: [PATCH 2/5] use tab to fix lint check --- services/webhook/webhook.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go index 6ed4cd6ba3a7d..b4c0783c7be11 100644 --- a/services/webhook/webhook.go +++ b/services/webhook/webhook.go @@ -200,7 +200,7 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo Typ: w.Type, URL: w.URL, Signature: signature, - SignatureGithub: signaturegithub, + SignatureGithub: signaturegithub, Payloader: payloader, HTTPMethod: w.HTTPMethod, ContentType: w.ContentType, From 5656a4942294bbf37bf46d5ec52840b4dc0cef17 Mon Sep 17 00:00:00 2001 
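Review bot: In the added `signaturegithub` block a failing `payloader.JSONPayload()` is only logged, so the code goes on to compute the HMAC over a nil payload and stores that value in the hook task. prepareWebhook already returns an error for `CreateHookTask`, so `return fmt.Errorf("JSONPayload: %v", err)` would be safer here; the same block survives in PATCH 5/5 under the name `signatureSHA1`. The `err` check after `sig.Write(data)` can be dropped, because `hash.Hash` documents that Write never returns an error. The payload also appears to be marshalled a second time (the SHA-256 block above the hunk is not visible), and reusing its `data` would guarantee both signatures cover the same bytes. prepareWebhook starts and ends outside the hunk.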
From: oatakan Date: Tue, 8 Jun 2021 19:54:51 -0500 Subject: [PATCH 3/5] try to fix windows lint by using tabs --- services/webhook/webhook.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go index b4c0783c7be11..a593a0cd5b451 100644 --- a/services/webhook/webhook.go +++ b/services/webhook/webhook.go @@ -195,17 +195,17 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo } if err = models.CreateHookTask(&models.HookTask{ - RepoID: repo.ID, - HookID: w.ID, - Typ: w.Type, - URL: w.URL, - Signature: signature, + RepoID: repo.ID, + HookID: w.ID, + Typ: w.Type, + URL: w.URL, + Signature: signature, SignatureGithub: signaturegithub, - Payloader: payloader, - HTTPMethod: w.HTTPMethod, - ContentType: w.ContentType, - EventType: event, - IsSSL: w.IsSSL, + Payloader: payloader, + HTTPMethod: w.HTTPMethod, + ContentType: w.ContentType, + EventType: event, + IsSSL: w.IsSSL, }); err != nil { return fmt.Errorf("CreateHookTask: %v", err) } From 74159c205bf2376122b761f575e593d58d045247 Mon Sep 17 00:00:00 2001 From: oatakan Date: Tue, 8 Jun 2021 20:07:46 -0500 Subject: [PATCH 4/5] use gofmt -w --- services/webhook/webhook.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go index a593a0cd5b451..aba302f7bd220 100644 --- a/services/webhook/webhook.go +++ b/services/webhook/webhook.go 
@@ -195,17 +195,17 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo } if err = models.CreateHookTask(&models.HookTask{ - RepoID: repo.ID, - HookID: w.ID, - Typ: w.Type, - URL: w.URL, - Signature: signature, - SignatureGithub: signaturegithub, - Payloader: payloader, - HTTPMethod: w.HTTPMethod, - ContentType: w.ContentType, - EventType: event, - IsSSL: w.IsSSL, + RepoID: repo.ID, + HookID: w.ID, + Typ: w.Type, + URL: w.URL, + Signature: signature, + SignatureGithub: signaturegithub, + Payloader: payloader, + HTTPMethod: w.HTTPMethod, + ContentType: w.ContentType, + EventType: event, + IsSSL: w.IsSSL, }); err != nil { return fmt.Errorf("CreateHookTask: %v", err) } From 749cafaa4ee5fdb9b417c95c8e0308ae4844f28b Mon Sep 17 00:00:00 2001 From: oatakan Date: Thu, 10 Jun 2021 13:33:09 -0500 Subject: [PATCH 5/5] change variable name to SignatureSHA1 don't store 'sha=1' in the DB, add when emitting header --- models/webhook.go | 2 +- services/webhook/deliver.go | 2 +- services/webhook/webhook.go | 26 +++++++++++++------------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/models/webhook.go b/models/webhook.go index cdc6dec5f693f..1903db765bf3d 100644 --- a/models/webhook.go +++ b/models/webhook.go @@ -655,7 +655,7 @@ type HookTask struct { Typ HookTaskType `xorm:"VARCHAR(16) index"` URL string `xorm:"TEXT"` Signature string `xorm:"TEXT"` - SignatureGithub string `xorm:"TEXT"` + SignatureSHA1 string `xorm:"TEXT"` api.Payloader `xorm:"-"` PayloadContent string `xorm:"TEXT"` HTTPMethod string `xorm:"http_method"` diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go index ac0824c5b16d4..a072d49514d4d 100644 --- a/services/webhook/deliver.go +++ b/services/webhook/deliver.go 
@@ -97,7 +97,7 @@ func Deliver(t *models.HookTask) error { req.Header.Add("X-Gogs-Delivery", t.UUID) req.Header.Add("X-Gogs-Event", t.EventType.Event()) req.Header.Add("X-Gogs-Signature", t.Signature) - req.Header.Add("X-Hub-Signature", t.SignatureGithub) + req.Header.Add("X-Hub-Signature", "sha1="+t.SignatureSHA1) req.Header["X-GitHub-Delivery"] = []string{t.UUID} req.Header["X-GitHub-Event"] = []string{t.EventType.Event()} diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go index aba302f7bd220..3b8eb23ae8aea 100644 --- a/services/webhook/webhook.go +++ b/services/webhook/webhook.go @@ -180,7 +180,7 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo signature = hex.EncodeToString(sig.Sum(nil)) } - var signaturegithub string + var signatureSHA1 string if len(w.Secret) > 0 { data, err := payloader.JSONPayload() if err != nil { @@ -191,21 +191,21 @@ func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.Hoo if err != nil { log.Error("prepareWebhooks.sigWrite: %v", err) } - signaturegithub = "sha1=" + hex.EncodeToString(sig.Sum(nil)) + signatureSHA1 = hex.EncodeToString(sig.Sum(nil)) } if err = models.CreateHookTask(&models.HookTask{ - RepoID: repo.ID, - HookID: w.ID, - Typ: w.Type, - URL: w.URL, - Signature: signature, - SignatureGithub: signaturegithub, - Payloader: payloader, - HTTPMethod: w.HTTPMethod, - ContentType: w.ContentType, - EventType: event, - IsSSL: w.IsSSL, + RepoID: repo.ID, + HookID: w.ID, + Typ: w.Type, + URL: w.URL, + Signature: signature, + SignatureSHA1: signatureSHA1, + Payloader: payloader, + HTTPMethod: w.HTTPMethod, + ContentType: w.ContentType, + EventType: event, + IsSSL: w.IsSSL, }); err != nil { return fmt.Errorf("CreateHookTask: %v", err) }
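Review bot: With the prefix moved into Deliver, `X-Hub-Signature` is now always sent as at least `sha1=`, even when the hook has no secret and `t.SignatureSHA1` is therefore empty (prepareWebhook only fills it under `len(w.Secret) > 0`). Tasks stored before this column existed would presumably be redelivered the same way. A receiver that parses the header then sees a signature with no digest, which is easy to mishandle on the verifying side. I would emit it only when there is a digest: `if t.SignatureSHA1 != "" { req.Header.Add("X-Hub-Signature", "sha1="+t.SignatureSHA1) }`. Deliver's body continues outside the hunk.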