Skip to content

Commit

Permalink
chore: auth added for events api
Browse files Browse the repository at this point in the history
  • Loading branch information
@soumyadip007
soumyadip007 committed Feb 7, 2024
1 parent fefbef8 commit 76e1853
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
16 changes: 14 additions & 2 deletions middlewares/auth.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,22 @@ const gitlab = async function (req, res, next) {
if (!(await verifyGitlabSignature(req))) {
res.status(401).send('Unauthorized');
return;
}8
}
next();
};

const events = async function (req, res, next) {
if (!(await verifyEvent(req))) {
res.status(401).send('Unauthorized');
return;
}
next();
};

const verifyEvent = async (req) => {
return config.gitBrokerSecret === req.headers['authorization'];
};

const verifyGithubSignature = async (req) => {
const githubSignature = crypto.createHmac('sha256', config.githubWebhookSecret).update(JSON.stringify(req.body)).digest('hex');
return `sha256=${githubSignature}` === req.headers['x-hub-signature-256'];
Expand All @@ -33,4 +45,4 @@ const verifyGitlabSignature =async (req) => {
return true;
};

module.exports = { github, gitlab };
module.exports = { github, gitlab, events };
2 changes: 1 addition & 1 deletion routes/events.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@ const router = new Router();
/**
* @internal webhook for gitlab
*/
router.post('/comment', events.post);
router.post('/comment', auth.events, events.post);

module.exports = router;

0 comments on commit 76e1853

Please sign in to comment.