Experiment: naive github app

2025-01-13 02:55:18 +00:00 · 2017-11-03 17:44:25 -05:00 · 2017-11-03 17:44:25 -05:00 · 306ccd4b72
commit 306ccd4b72
parent 4b947767e0
2 changed files with 28 additions and 2 deletions
--- a/src/clj/commiteth/github/core.clj
+++ b/src/clj/commiteth/github/core.clj
@ -37,8 +37,13 @@
 (defn signup-authorize-url []
  (authorize-url "user:email"))

+;; XXX: Disable this to get normal behavior
+(def github-app-flag true)
+
 (defn admin-authorize-url []
-  (authorize-url "admin:repo_hook repo user:email admin:org_hook"))
+  (if github-app-flag
+    (authorize-url "public_repo user:email")
+    (authorize-url "admin:repo_hook repo user:email admin:org_hook")))

 (defn access-settings-url []
  (str "https://github.com/settings/connections/applications/" (client-id)))
--- a/src/clj/commiteth/routes/webhooks.clj
+++ b/src/clj/commiteth/routes/webhooks.clj
@ -237,6 +237,12 @@
         (crypto/eq? github-signature
                     (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))

+(defn validate-secret-naive [webhook-payload raw-payload github-signature]
+  (let [full-name (get-in webhook-payload [:repository :full_name])
+        repo (repos/get-repo full-name)]
+    (log/debug "validate secret - repo exists?" repo)
+    repo))
+

 (defroutes webhook-routes
  (POST "/webhook" {:keys [headers body]}
@ -252,4 +258,19 @@
                "issues" (handle-issue payload)
                "pull_request" (handle-pull-request payload)
                (ok)))
-            (forbidden)))))
+            (forbidden))))
+  (POST "/webhook-app" {:keys [headers body]}
+        (log/debug "webhook-app POST, headers" headers)
+        (let [raw-payload (slurp body)
+              payload (json/parse-string raw-payload true)]
+          (log/debug "webhook-app POST, payload" payload)
+          (if (validate-secret-naive payload raw-payload (get headers "x-hub-signature"))
+            (do
+              (log/debug "Github secret validation OK app")
+              (log/debug "x-github-event app" (get headers "x-github-event"))
+              (case (get headers "x-github-event")
+                "issues" (handle-issue payload)
+                "pull_request" (handle-pull-request payload)
+                (ok)))
+            (forbidden))))
+  )