rack-github_webhooks 0.4.0 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: a873ebafec269872d3abb639f944a479adf2546f
4
- data.tar.gz: 717c16e2efcc488894a7bdb40aea1166d52d1851
2
+ SHA256:
3
+ metadata.gz: 4e9bc4dec047a6c37f877852a93a65b18c9aadb80be3b2814ae1a5c938ccc5b0
4
+ data.tar.gz: 0ae119a01cf1ac2afbe6582645d2de9f6452b6231c8ce5b8ce27139b1223d565
5
5
  SHA512:
6
- metadata.gz: 9dc3c67e962e3866178dee129c2d2fe33bb0cf3ade812a4b615c8d25cd99fc129c553cfdd5dffa07d722962589908ee05a39b0d1dd538fe3036d4bc7c01d2b51
7
- data.tar.gz: f4649ebce4d107ce3baa0d057aa97df7341b73d393c2f06da1a7c05e904654e5d78ea8d15c1a94718d28c0074e5dbc694c1f2b813886e9664bc9e73e1f991b7d
6
+ metadata.gz: 1405789690a5345c9676e29e229bf4d1b4e1541b72506c7571ead31281f2ca14c79cd366fa08ed2d3c9d972061a97d102d313e76c40dd663a76c013854c23e4f
7
+ data.tar.gz: ff191f5ec6ad9c86a978f9a8d9f03792dcc929e9f1b39e600aa157da2971df2d13025d61b4ce17675a8bdcf148b41af3c6ea748bf118805c97bbaf6fdc4be634
data/CHANGELOG.md CHANGED
@@ -3,6 +3,12 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project adheres to [Semantic Versioning](http://semver.org/).
5
5
 
6
+ ## [0.5.0] - 2022-03-09
7
+
8
+ ### Changed
9
+
10
+ - Validate using SHA256 instead of SHA1 #3
11
+
6
12
  ## [0.4.0] - 2016-03-25
7
13
 
8
14
  ### Fixed
@@ -29,3 +35,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
29
35
  [0.2.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.1.0...v0.2.0
30
36
  [0.3.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.2.0...v0.3.0
31
37
  [0.4.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.3.0...v0.4.0
38
+ [0.5.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.4.0...v0.5.0
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class GithubWebhooks
3
- VERSION = '0.4.0'
3
+ VERSION = '0.5.0'
4
4
  end
5
5
  end
@@ -5,13 +5,12 @@ require 'json'
5
5
  module Rack
6
6
  class GithubWebhooks
7
7
  class Signature
8
- HMAC_DIGEST = OpenSSL::Digest.new('sha1')
8
+ HMAC_DIGEST = OpenSSL::Digest.new('sha256')
9
9
 
10
10
  def initialize(secret, hub_signature, payload_body)
11
11
  @secret = secret
12
12
  @hub_signature = hub_signature
13
- @signature = 'sha1=' +
14
- OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)
13
+ @signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)}"
15
14
  end
16
15
 
17
16
  def valid?
@@ -27,20 +26,23 @@ module Rack
27
26
  end
28
27
 
29
28
  def call(env)
30
- env['rack.input'].rewind
29
+ rewind_body(env)
31
30
  signature = Signature.new(
32
31
  @secret,
33
- env['HTTP_X_HUB_SIGNATURE'],
32
+ env['HTTP_X_HUB_SIGNATURE_256'],
34
33
  env['rack.input'].read
35
34
  )
36
35
  return [400, {}, ["Signatures didn't match!"]] unless signature.valid?
37
36
 
38
- begin
39
- env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
40
- rescue Errno::ESPIPE
41
- end
42
-
37
+ rewind_body(env)
43
38
  @app.call(env)
44
39
  end
40
+
41
+ private
42
+
43
+ def rewind_body(env)
44
+ env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
45
+ rescue Errno::ESPIPE
46
+ end
45
47
  end
46
48
  end
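Review bot: `call` now reads `env['HTTP_X_HUB_SIGNATURE_256']`, which is `nil` whenever the header is absent, and passes it straight to `Signature.new`; whether `valid?` rejects a `nil` `@hub_signature` and compares the two strings in constant time cannot be checked here, because `valid?` starts on the last line of the first hunk and its body lies outside it. Since this commit is where the expected value changes, it is worth confirming that the comparison is `Rack::Utils.secure_compare(@signature, @hub_signature.to_s)` rather than `==`, which short-circuits on the first differing byte and so leaks timing information about the HMAC. Separately, the new `rewind_body` helper rescues `Errno::ESPIPE` on both of its calls in `call`, so a non-rewindable `rack.input` is consumed by the `read` and handed to `@app` already drained, where the old code raised on the first unconditional `rewind`; if that is deliberate, say so on the helper with `# Non-seekable bodies cannot be rewound; the downstream app then sees a consumed rack.input`. The `GithubWebhooks` class and the context enclosing `call` begin before the hunk.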
@@ -18,8 +18,8 @@ Gem::Specification.new do |spec|
18
18
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
19
  spec.require_paths = ['lib']
20
20
 
21
- spec.add_development_dependency 'bundler', '~> 1.10'
22
- spec.add_development_dependency 'rake', '~> 10.0'
21
+ spec.add_development_dependency 'bundler', '>= 1.10'
22
+ spec.add_development_dependency 'rake'
23
23
  spec.add_development_dependency 'minitest'
24
24
  spec.add_development_dependency 'pry'
25
25
  spec.add_development_dependency 'rack-test'
metadata CHANGED
@@ -1,43 +1,43 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-github_webhooks
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Mytton
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-03-25 00:00:00.000000000 Z
11
+ date: 2022-03-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '1.10'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.10'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '10.0'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '10.0'
40
+ version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: minitest
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
94
94
  - - ">="
95
95
  - !ruby/object:Gem::Version
96
96
  version: '0'
97
- description:
97
+ description:
98
98
  email:
99
99
  - chrismytton@gmail.com
100
100
  executables: []
@@ -117,7 +117,7 @@ homepage: https://github.com/chrismytton/rack-github_webhook
117
117
  licenses:
118
118
  - MIT
119
119
  metadata: {}
120
- post_install_message:
120
+ post_install_message:
121
121
  rdoc_options: []
122
122
  require_paths:
123
123
  - lib
@@ -132,9 +132,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
132
132
  - !ruby/object:Gem::Version
133
133
  version: '0'
134
134
  requirements: []
135
- rubyforge_project:
136
- rubygems_version: 2.5.1
137
- signing_key:
135
+ rubygems_version: 3.2.22
136
+ signing_key:
138
137
  specification_version: 4
139
138
  summary: Rack middleware to check GitHub webhooks are authentic
140
139
  test_files: []