bugfix gitea deploy and bash script

This commit is contained in:
AJ ONeal 2020-10-09 08:57:01 +00:00
parent f78fafd3c4
commit 83e91a1fd8
3 changed files with 22 additions and 6 deletions

View File

@ -8,11 +8,13 @@ GIT_REPO_OWNER
GIT_REPO_NAME GIT_REPO_NAME
GIT_CLONE_URL' GIT_CLONE_URL'
# The directory of this bash script
base_dir="$(dirname "$(readlink -f "$0")")" base_dir="$(dirname "$(readlink -f "$0")")"
if [[ -f "scripts/${GIT_REPO_ID}/deploy.sh" ]]
if [[ -f "${base_dir}/${GIT_REPO_ID}/deploy.sh" ]]
then then
echo "Running deplay script for ${GIT_REPO_ID}" echo "Running deplay script for ${GIT_REPO_ID}"
bash "scripts/${GIT_REPO_ID}/deploy.sh" bash "${base_dir}/${GIT_REPO_ID}/deploy.sh"
else else
echo "Nothing to do for ${GIT_REPO_ID}" echo "Nothing to do for ${GIT_REPO_ID}"
for x in $my_envs; do for x in $my_envs; do

View File

@ -0,0 +1,3 @@
#!/bin/bash
echo 'Hello World'

View File

@ -1,6 +1,9 @@
package gitea package gitea
import ( import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -13,7 +16,6 @@ import (
"git.ryanburnette.com/ryanburnette/git-deploy/internal/webhooks" "git.ryanburnette.com/ryanburnette/git-deploy/internal/webhooks"
"github.com/go-chi/chi" "github.com/go-chi/chi"
"github.com/google/go-github/v32/github"
) )
func init() { func init() {
@ -50,9 +52,10 @@ func InitWebhook(providername string, secret *string, envname string) func() {
return return
} }
sig := "sha256=" + r.Header.Get("X_GITEA_SIGNATURE") sig := r.Header.Get("X-Gitea-Signature")
if err := github.ValidateSignature(sig, payload, secretB); nil != err { sigB, err := hex.DecodeString(sig)
log.Printf("invalid gitea signature: error: %s\n", err) if !ValidMAC(payload, sigB, secretB) {
log.Printf("invalid gitea signature: %q\n", sig)
http.Error(w, "invalid gitea signature", http.StatusBadRequest) http.Error(w, "invalid gitea signature", http.StatusBadRequest)
return return
} }
@ -98,3 +101,11 @@ func InitWebhook(providername string, secret *string, envname string) func() {
}) })
} }
} }
// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
func ValidMAC(message, messageMAC, key []byte) bool {
mac := hmac.New(sha256.New, key)
mac.Write(message)
expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)
}