rack-github_webhooks 0.2.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +24 -2
- data/lib/rack/github_webhooks/version.rb +1 -1
- data/lib/rack/github_webhooks.rb +27 -23
- data/rack-github_webhooks.gemspec +2 -2
- metadata +13 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4e9bc4dec047a6c37f877852a93a65b18c9aadb80be3b2814ae1a5c938ccc5b0
|
|
4
|
+
data.tar.gz: 0ae119a01cf1ac2afbe6582645d2de9f6452b6231c8ce5b8ce27139b1223d565
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1405789690a5345c9676e29e229bf4d1b4e1541b72506c7571ead31281f2ca14c79cd366fa08ed2d3c9d972061a97d102d313e76c40dd663a76c013854c23e4f
|
|
7
|
+
data.tar.gz: ff191f5ec6ad9c86a978f9a8d9f03792dcc929e9f1b39e600aa157da2971df2d13025d61b4ce17675a8bdcf148b41af3c6ea748bf118805c97bbaf6fdc4be634
|
data/CHANGELOG.md
CHANGED
|
@@ -3,9 +3,23 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
-
## 0.
|
|
6
|
+
## [0.5.0] - 2022-03-09
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
### Changed
|
|
9
|
+
|
|
10
|
+
- Validate using SHA256 instead of SHA1 #3
|
|
11
|
+
|
|
12
|
+
## [0.4.0] - 2016-03-25
|
|
13
|
+
|
|
14
|
+
### Fixed
|
|
15
|
+
|
|
16
|
+
- Call `env['rack.input'].rewind` after reading from it. Thanks @ppworks for the patch.
|
|
17
|
+
|
|
18
|
+
## [0.3.0] - 2015-11-29
|
|
19
|
+
|
|
20
|
+
### Changed
|
|
21
|
+
|
|
22
|
+
- Internal refactor to separate out `Signature` class.
|
|
9
23
|
|
|
10
24
|
## [0.2.0] - 2015-11-29
|
|
11
25
|
|
|
@@ -13,4 +27,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
13
27
|
|
|
14
28
|
- Don't error when there's no 'X-Hub-Signature' header.
|
|
15
29
|
|
|
30
|
+
|
|
31
|
+
## 0.1.0 - 2015-11-29
|
|
32
|
+
|
|
33
|
+
- Initial release
|
|
34
|
+
|
|
16
35
|
[0.2.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.1.0...v0.2.0
|
|
36
|
+
[0.3.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.2.0...v0.3.0
|
|
37
|
+
[0.4.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.3.0...v0.4.0
|
|
38
|
+
[0.5.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.4.0...v0.5.0
|
data/lib/rack/github_webhooks.rb
CHANGED
|
@@ -4,11 +4,21 @@ require 'json'
|
|
|
4
4
|
|
|
5
5
|
module Rack
|
|
6
6
|
class GithubWebhooks
|
|
7
|
-
|
|
7
|
+
class Signature
|
|
8
|
+
HMAC_DIGEST = OpenSSL::Digest.new('sha256')
|
|
8
9
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
def initialize(secret, hub_signature, payload_body)
|
|
11
|
+
@secret = secret
|
|
12
|
+
@hub_signature = hub_signature
|
|
13
|
+
@signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)}"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def valid?
|
|
17
|
+
return true unless @secret
|
|
18
|
+
return false unless @hub_signature
|
|
19
|
+
Rack::Utils.secure_compare(@signature, @hub_signature)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
12
22
|
|
|
13
23
|
def initialize(app, opts = {})
|
|
14
24
|
@app = app
|
|
@@ -16,29 +26,23 @@ module Rack
|
|
|
16
26
|
end
|
|
17
27
|
|
|
18
28
|
def call(env)
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
29
|
+
rewind_body(env)
|
|
30
|
+
signature = Signature.new(
|
|
31
|
+
@secret,
|
|
32
|
+
env['HTTP_X_HUB_SIGNATURE_256'],
|
|
33
|
+
env['rack.input'].read
|
|
34
|
+
)
|
|
35
|
+
return [400, {}, ["Signatures didn't match!"]] unless signature.valid?
|
|
36
|
+
|
|
37
|
+
rewind_body(env)
|
|
38
|
+
@app.call(env)
|
|
22
39
|
end
|
|
23
40
|
|
|
24
41
|
private
|
|
25
42
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
return false unless request.env['HTTP_X_HUB_SIGNATURE']
|
|
30
|
-
Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def signature
|
|
34
|
-
"sha1=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)}"
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def payload_body
|
|
38
|
-
@payload_body ||= begin
|
|
39
|
-
request.body.rewind
|
|
40
|
-
request.body.read
|
|
41
|
-
end
|
|
43
|
+
def rewind_body(env)
|
|
44
|
+
env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
|
|
45
|
+
rescue Errno::ESPIPE
|
|
42
46
|
end
|
|
43
47
|
end
|
|
44
48
|
end
|
|
@@ -18,8 +18,8 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
19
19
|
spec.require_paths = ['lib']
|
|
20
20
|
|
|
21
|
-
spec.add_development_dependency 'bundler', '
|
|
22
|
-
spec.add_development_dependency 'rake'
|
|
21
|
+
spec.add_development_dependency 'bundler', '>= 1.10'
|
|
22
|
+
spec.add_development_dependency 'rake'
|
|
23
23
|
spec.add_development_dependency 'minitest'
|
|
24
24
|
spec.add_development_dependency 'pry'
|
|
25
25
|
spec.add_development_dependency 'rack-test'
|
metadata
CHANGED
|
@@ -1,43 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-github_webhooks
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Mytton
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '1.10'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.10'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: minitest
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,7 +94,7 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
-
description:
|
|
97
|
+
description:
|
|
98
98
|
email:
|
|
99
99
|
- chrismytton@gmail.com
|
|
100
100
|
executables: []
|
|
@@ -117,7 +117,7 @@ homepage: https://github.com/chrismytton/rack-github_webhook
|
|
|
117
117
|
licenses:
|
|
118
118
|
- MIT
|
|
119
119
|
metadata: {}
|
|
120
|
-
post_install_message:
|
|
120
|
+
post_install_message:
|
|
121
121
|
rdoc_options: []
|
|
122
122
|
require_paths:
|
|
123
123
|
- lib
|
|
@@ -132,9 +132,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
132
|
- !ruby/object:Gem::Version
|
|
133
133
|
version: '0'
|
|
134
134
|
requirements: []
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
signing_key:
|
|
135
|
+
rubygems_version: 3.2.22
|
|
136
|
+
signing_key:
|
|
138
137
|
specification_version: 4
|
|
139
138
|
summary: Rack middleware to check GitHub webhooks are authentic
|
|
140
139
|
test_files: []
|