Add vcs webhook verification
This commit is contained in:
parent
3cc3fb316c
commit
7d79e4146f
4 changed files with 16 additions and 5 deletions
3
.env
3
.env
|
@ -83,4 +83,5 @@ _APP_CONSOLE_GITHUB_SECRET=
|
|||
_APP_CONSOLE_GITHUB_APP_ID=
|
||||
VCS_GITHUB_APP_NAME=
|
||||
VCS_GITHUB_PRIVATE_KEY=
|
||||
VCS_GITHUB_APP_ID=
|
||||
VCS_GITHUB_APP_ID=
|
||||
VCS_GITHUB_WEBHOOK_SECRET=
|
|
@ -401,8 +401,17 @@ App::post('/v1/vcs/github/incomingwebhook')
|
|||
->inject('getProjectDB')
|
||||
->action(
|
||||
function (GitHub $github, Request $request, Response $response, Database $dbForConsole, callable $getProjectDB) use ($createGitDeployments) {
|
||||
$event = $request->getHeader('x-github-event', '');
|
||||
$signature = $request->getHeader('x-hub-signature-256', '');
|
||||
$payload = $request->getRawPayload();
|
||||
|
||||
$signatureKey = App::getEnv('VCS_GITHUB_WEBHOOK_SECRET', '');
|
||||
|
||||
$valid = $github->validateWebhook($payload, $signature, $signatureKey);
|
||||
if(!$valid) {
|
||||
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Invalid webhook signature.");
|
||||
}
|
||||
|
||||
$event = $request->getHeader('x-github-event', '');
|
||||
$privateKey = App::getEnv('VCS_GITHUB_PRIVATE_KEY');
|
||||
$githubAppId = App::getEnv('VCS_GITHUB_APP_ID');
|
||||
$parsedPayload = $github->parseWebhookEventPayload($event, $payload);
|
||||
|
@ -716,4 +725,4 @@ App::get('/v1/vcs/github/installations/:installationId/repositories/:repositoryI
|
|||
$detection['runtime'] = $runtime;
|
||||
|
||||
$response->dynamic(new Document($detection), Response::MODEL_DETECTION);
|
||||
});
|
||||
});
|
||||
|
|
4
composer.lock
generated
4
composer.lock
generated
|
@ -2705,7 +2705,7 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/utopia-php/vcs.git",
|
||||
"reference": "46f4de30652a057a0c19a6975276a6be8e12606f"
|
||||
"reference": "01afc324865613f7b34ca9981745bfaaec8ec363"
|
||||
},
|
||||
"require": {
|
||||
"adhocore/jwt": "^1.1",
|
||||
|
@ -2750,7 +2750,7 @@
|
|||
"utopia",
|
||||
"vcs"
|
||||
],
|
||||
"time": "2023-06-12T12:48:43+00:00"
|
||||
"time": "2023-06-15T10:13:29+00:00"
|
||||
},
|
||||
{
|
||||
"name": "utopia-php/websocket",
|
||||
|
|
|
@ -180,6 +180,7 @@ services:
|
|||
- VCS_GITHUB_APP_NAME
|
||||
- VCS_GITHUB_PRIVATE_KEY
|
||||
- VCS_GITHUB_APP_ID
|
||||
- VCS_GITHUB_WEBHOOK_SECRET
|
||||
|
||||
appwrite-realtime:
|
||||
entrypoint: realtime
|
||||
|
|
Loading…
Reference in a new issue