authorPhilip Martin <pmartin@palantir.com>2014-06-03 10:31:23 -0700
committerPhilip Martin <pmartin@palantir.com>2014-06-03 10:31:23 -0700
commit0e6ce5357e72799eff587f8ed3c664b1635256f4 (patch)
tree328090d442ee198827cb520956e367cbe9ed55ca /jekyll-hook.js
parentea87493f9a91a0d853ea6dd5f6e4a25cb9d536db (diff)
Add the ability to validate the X-Hub-Signature header
Diffstat (limited to 'jekyll-hook.js')
-rwxr-xr-xjekyll-hook.js26
1 files changed, 25 insertions, 1 deletions
diff --git a/jekyll-hook.js b/jekyll-hook.js
index 5154fd6..dcc1410 100755
--- a/jekyll-hook.js
+++ b/jekyll-hook.js
@@ -9,8 +9,32 @@ var tasks = queue(1);
var spawn = require('child_process').spawn;
var email = require('emailjs/email');
var mailer = email.server.connect(config.email);
+var crypto = require('crypto');
-app.use(express.bodyParser());
+app.use(express.bodyParser({
+ verify: function(req,res,buffer){
+ if(!req.headers['x-hub-signature']){
+ return;
+ }
+
+ if(!config.secret || config.secret==""){
+ console.log("Recieved a X-Hub-Signature header, but cannot validate as no secret is configured");
+ return;
+ }
+
+ var hmac = crypto.createHmac('sha1', config.secret);
+ var recieved_sig = req.headers['x-hub-signature'].split('=')[1];
+ var computed_sig = hmac.update(buffer).digest('hex');
+
+ if(recieved_sig != computed_sig){
+ console.warn('Recieved an invalid HMAC: calculated:' + computed_sig + ' != recieved:' + recieved_sig);
+ var err = new Error('Invalid Signature');
+ err.status = 403;
+ throw err;
+ }
+ }
+
+}));
// Receive webhook post
app.post('/hooks/jekyll/:branch', function(req, res) {
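Review bot: The early `return` at the top of `verify` accepts any request that carries no `X-Hub-Signature` header even when `config.secret` is set, so the check only binds senders who choose to sign; with a secret configured, a missing header should get the same 403 as a wrong one. The `console.warn` on mismatch also writes `computed_sig`, the valid HMAC for the body just received, into the log; logging only that the request was rejected avoids that. The `!=` comparison is not constant-time; `crypto.timingSafeEqual` on equal-length buffers is the usual replacement, though it and `Buffer.from` are newer than this code appears to target, so confirm the Node version before adopting them. The sketch below leaves the no-secret path as it is.

```javascript
  verify: function(req,res,buffer){
    var header = req.headers['x-hub-signature'];

    if(!config.secret){
      // … unchanged: log when a header arrives but no secret is configured …
      return;
    }

    // A secret is configured, so an unsigned or malformed request is rejected, not skipped.
    var recieved_sig = header ? header.split('=')[1] : '';
    var computed_sig = crypto.createHmac('sha1', config.secret).update(buffer).digest('hex');
    var recieved_buf = Buffer.from(recieved_sig || '', 'utf8');
    var computed_buf = Buffer.from(computed_sig, 'utf8');

    // timingSafeEqual throws on unequal lengths, so the length test comes first.
    if(recieved_buf.length !== computed_buf.length || !crypto.timingSafeEqual(recieved_buf, computed_buf)){
      // Log the rejection only; the computed HMAC is not written to the log.
      console.warn('Rejected webhook request: missing or invalid X-Hub-Signature');
      var err = new Error('Invalid Signature');
      err.status = 403;
      throw err;
    }
  }
```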