-rw-r--r--config.sample.json1
-rwxr-xr-xjekyll-hook.js26
2 files changed, 26 insertions, 1 deletions
diff --git a/config.sample.json b/config.sample.json
index 01da368..eba0920 100644
--- a/config.sample.json
+++ b/config.sample.json
@@ -6,6 +6,7 @@
"build": "./scripts/build.sh",
"publish": "./scripts/publish.sh"
},
+ "secret": "",
"email": {
"isActivated": false,
"user": "",
diff --git a/jekyll-hook.js b/jekyll-hook.js
index e75a9f3..72785c7 100755
--- a/jekyll-hook.js
+++ b/jekyll-hook.js
@@ -9,8 +9,32 @@ var tasks = queue(1);
var spawn = require('child_process').spawn;
var email = require('emailjs/email');
var mailer = email.server.connect(config.email);
+var crypto = require('crypto');
-app.use(express.bodyParser());
+app.use(express.bodyParser({
+ verify: function(req,res,buffer){
+ if(!req.headers['x-hub-signature']){
+ return;
+ }
+
+ if(!config.secret || config.secret==""){
+ console.log("Recieved a X-Hub-Signature header, but cannot validate as no secret is configured");
+ return;
+ }
+
+ var hmac = crypto.createHmac('sha1', config.secret);
+ var recieved_sig = req.headers['x-hub-signature'].split('=')[1];
+ var computed_sig = hmac.update(buffer).digest('hex');
+
+ if(recieved_sig != computed_sig){
+ console.warn('Recieved an invalid HMAC: calculated:' + computed_sig + ' != recieved:' + recieved_sig);
+ var err = new Error('Invalid Signature');
+ err.status = 403;
+ throw err;
+ }
+ }
+
+}));
// Receive webhook post
app.post('/hooks/jekyll/:branch', function(req, res) {
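Review bot: The first guard in `verify` returns as soon as `x-hub-signature` is absent, so even with `config.secret` set an unsigned POST still reaches the `/hooks/jekyll/:branch` handler; once a secret is configured the header should be mandatory and its absence answered with the same 403. The check `recieved_sig != computed_sig` is an ordinary string compare, and the `console.warn` writes the correct HMAC for the rejected body into the log, where anyone who can read the logs obtains a valid signature for that payload. The sketch below tests the secret first, compares the full `sha1=<hex>` value with `crypto.timingSafeEqual`, and logs only that the request was rejected. `timingSafeEqual` and `Buffer.from` need a Node release that provides them, which the page does not show, so confirm that against the deployment target.

```javascript
app.use(express.bodyParser({
  verify: function(req,res,buffer){
    var header = req.headers['x-hub-signature'];

    // Without a secret there is nothing to verify against; keep the existing notice.
    if(!config.secret){
      if(header){
        console.log("Recieved a X-Hub-Signature header, but cannot validate as no secret is configured");
      }
      return;
    }

    // A configured secret makes the signature mandatory: a missing header fails like a bad one.
    var expected = 'sha1=' + crypto.createHmac('sha1', config.secret).update(buffer).digest('hex');
    var got = Buffer.from(header || '');
    var want = Buffer.from(expected);

    // timingSafeEqual throws on unequal lengths, so check the length first.
    if(got.length !== want.length || !crypto.timingSafeEqual(got, want)){
      // Do not log the computed HMAC: it is a valid signature for this body.
      console.warn('Rejected webhook: missing or invalid X-Hub-Signature');
      var err = new Error('Invalid Signature');
      err.status = 403;
      throw err;
    }
  }
```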