

fix(2017): switch to Octokit verify method (#160)
klu909 authored Jun 3, 2020
1 parent 18db88f commit 4bc29ac
Showing 2 changed files with 3 additions and 23 deletions.
25 changes: 2 additions & 23 deletions index.js
Expand Up @@ -4,13 +4,13 @@

const Breaker = require('circuit-fuses').breaker;
const Octokit = require('@octokit/rest');
const { verify } = require('@octokit/webhooks');
const hoek = require('hoek');
const Path = require('path');
const joi = require('joi');
const schema = require('screwdriver-data-schema');
const CHECKOUT_URL_REGEX = schema.config.regex.CHECKOUT_URL;
const Scm = require('screwdriver-scm-base');
const crypto = require('crypto');
const logger = require('screwdriver-logger');
const DEFAULT_AUTHOR = {
avatar: 'https://cd.screwdriver.cd/assets/unknown_user.png',
Expand Down Expand Up @@ -1087,27 +1087,6 @@ class GithubScm extends Scm {
};
}

/**
* Check validity of Github webhook event signature
* @method _checkSignature
* @param {String} secret The secret used to sign the payload
* @param {String} payload The payload of the webhook event
* @param {String} signature The signature of the webhook event
* @returns {boolean}
*/
_checkSignature(secret, payload, signature) {
const hmac = crypto.createHmac('sha1', secret);

hmac.setEncoding('hex');
hmac.write(JSON.stringify(payload), 'utf-8');
hmac.end();

const sha = hmac.read();
const hash = `sha1=${sha}`;

return hash === signature;
}

/**
* Get the changed files from a Github event
* @async _getChangedFiles
Expand Down Expand Up @@ -1187,7 +1166,7 @@ class GithubScm extends Scm {
}

// eslint-disable-next-line no-underscore-dangle
if (!this._checkSignature(this.config.secret, webhookPayload, signature)) {
if (!verify(this.config.secret, webhookPayload, signature)) {
throw new Error('Invalid x-hub-signature');
}

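Review bot: The new `verify` call at the replaced `if` line still hands the library `webhookPayload`, which from its name and the removed `JSON.stringify(payload)` in `_checkSignature` looks like the already-parsed body; a webhook signature should be checked against the raw request body bytes GitHub signed, because re-serialising an object can differ from GitHub's encoding and either reject genuine deliveries or verify a different byte sequence than the one received — if the raw body is available where the enclosing method (its start is outside the hunk) builds `webhookPayload`, pass that string instead. Unlike the removed method, which simply returned false, `verify` in @octokit/webhooks rejects missing arguments with a TypeError as far as I recall, so a request lacking an x-hub-signature header would now surface as that error rather than the 'Invalid x-hub-signature' message; if callers match on the message, a guard such as `if (!signature || !verify(this.config.secret, webhookPayload, signature)) {` keeps the old behaviour. The `// eslint-disable-next-line no-underscore-dangle` comment on the line above no longer applies once `_checkSignature` is gone and should be dropped.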
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -41,6 +41,7 @@
},
"dependencies": {
"@octokit/rest": "~16.33",
"@octokit/webhooks": "~7.6.2",
"circuit-fuses": "^4.0.4",
"hoek": "^6.1.2",
"joi": "^13.7.0",
