|
1 | 1 | open Base |
2 | | -open Printf |
3 | | -open Common |
4 | 2 | open Devkit |
| 3 | +open Printf |
5 | 4 | open Github_j |
6 | 5 |
|
7 | 6 | type t = |
@@ -37,42 +36,44 @@ let event_of_filename filename = |
37 | 36 | | [ kind; _; "json" ] -> Some kind |
38 | 37 | | _ -> None |
39 | 38 |
|
40 | | -let is_main_merge_message ~msg:message ?main_branch ~branch = |
41 | | - match main_branch with |
| 39 | +let is_main_merge_message ~msg:message ~branch (cfg : Config_t.config) = |
| 40 | + match cfg.main_branch_name with |
42 | 41 | | Some main_branch when String.equal branch main_branch -> |
43 | 42 | (* |
44 | 43 | handle "Merge <main branch> into <feature branch>" commits when they are merged into main branch |
45 | 44 | we should have already seen these commits on the feature branch but for some reason they are distinct:true |
46 | 45 | *) |
47 | 46 | let prefix = sprintf "Merge branch '%s' into " main_branch in |
48 | 47 | let prefix2 = sprintf "Merge remote-tracking branch 'origin/%s' into " main_branch in |
49 | | - let title = first_line message in |
| 48 | + let title = Common.first_line message in |
50 | 49 | String.is_prefix title ~prefix || String.is_prefix title ~prefix:prefix2 |
51 | 50 | | Some main_branch -> |
52 | 51 | let expect = sprintf "Merge branch '%s' into %s" main_branch branch in |
53 | 52 | let expect2 = sprintf "Merge remote-tracking branch 'origin/%s' into %s" main_branch branch in |
54 | | - let title = first_line message in |
| 53 | + let title = Common.first_line message in |
55 | 54 | String.equal title expect || String.equal title expect2 |
56 | 55 | | _ -> false |
57 | 56 |
|
58 | 57 | let modified_files_of_commit commit = List.concat [ commit.added; commit.removed; commit.modified ] |
59 | 58 |
|
60 | | -let has_valid_signature ~hook_token ~headers ~body = |
61 | | - match List.Assoc.find headers "x-hub-signature" ~equal:String.equal with |
62 | | - | None -> Exn.fail "unable to find header x-hub-signature" |
63 | | - | Some signature -> |
64 | | - let key = Cstruct.of_string hook_token in |
65 | | - let request_hash = Cstruct.to_string @@ Nocrypto.Hash.SHA1.hmac ~key (Cstruct.of_string body) in |
66 | | - let (`Hex request_hash) = Hex.of_string request_hash in |
67 | | - String.equal signature (sprintf "sha1=%s" request_hash) |
| 59 | +let is_valid_signature ~secret headers_sig body = |
| 60 | + let request_hash = |
| 61 | + let key = Cstruct.of_string secret in |
| 62 | + Cstruct.to_string @@ Nocrypto.Hash.SHA1.hmac ~key (Cstruct.of_string body) |
| 63 | + in |
| 64 | + let (`Hex request_hash) = Hex.of_string request_hash in |
| 65 | + String.equal headers_sig (sprintf "sha1=%s" request_hash) |
68 | 66 |
|
69 | 67 | (* Parse a payload. The type of the payload is detected from the headers. *) |
70 | | -let parse_exn ?hook_token headers body = |
71 | | - match |
72 | | - Option.value_map hook_token ~default:true ~f:(fun hook_token -> has_valid_signature ~hook_token ~headers ~body) |
73 | | - with |
74 | | - | false -> failwith "request signature invalid" |
75 | | - | true -> |
| 68 | +let parse_exn ~secret headers body = |
| 69 | + begin |
| 70 | + match secret with |
| 71 | + | None -> () |
| 72 | + | Some secret -> |
| 73 | + match List.Assoc.find headers "x-hub-signature" ~equal:String.equal with |
| 74 | + | None -> Exn.fail "unable to find header x-hub-signature" |
| 75 | + | Some req_sig -> if not @@ is_valid_signature ~secret req_sig body then failwith "request signature invalid" |
| 76 | + end; |
76 | 77 | match List.Assoc.find_exn headers "x-github-event" ~equal:String.equal with |
77 | 78 | | exception exn -> Exn.fail ~exn "unable to read x-github-event" |
78 | 79 | | "push" -> Push (commit_pushed_notification_of_string body) |
|
0 commit comments