diff options
Diffstat (limited to 'jekyll-hook.js')
| -rwxr-xr-x | jekyll-hook.js | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/jekyll-hook.js b/jekyll-hook.js index e75a9f3..ab1d6a9 100755 --- a/jekyll-hook.js +++ b/jekyll-hook.js @@ -9,8 +9,32 @@ var tasks = queue(1); var spawn = require('child_process').spawn; var email = require('emailjs/email'); var mailer = email.server.connect(config.email); +var crypto = require('crypto'); +var hmac = crypto.createHmac('sha1', config.secret); -app.use(express.bodyParser()); +app.use(express.bodyParser({ + verify: function(req,res,buffer){ + if(!req.headers['x-hub-signature']){ + return; + } + + if(!config.secret || config.secret==""){ + console.log("Recieved a X-Hub-Signature header, but cannot validate as no secret is configured"); + return; + } + + var recieved_sig = req.headers['x-hub-signature'].split('=')[1]; + var computed_sig = hmac.update(buffer).digest('hex'); + + if(recieved_sig != computed_sig){ + console.warn('Recieved an invalid HMAC: calculated:' + computed_sig + ' != recieved:' + recieved_sig); + var err = new Error('Invalid Signature'); + err.status = 403; + throw err; + } + } + +})); // Receive webhook post app.post('/hooks/jekyll/:branch', function(req, res) { |