From 306ccd4b72f7a447877450f53d80498a85726d85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oskar=20Thor=C3=A9n?=
Date: Fri, 3 Nov 2017 17:44:25 -0500
Subject: [PATCH] Experiment: naive github app
---
 src/clj/commiteth/github/core.clj | 7 ++++++-
 src/clj/commiteth/routes/webhooks.clj | 23 ++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/src/clj/commiteth/github/core.clj b/src/clj/commiteth/github/core.clj
index 21b8ba6..d966d1e 100644
--- a/src/clj/commiteth/github/core.clj
+++ b/src/clj/commiteth/github/core.clj
@@ -37,8 +37,13 @@
 (defn signup-authorize-url []
 (authorize-url "user:email"))
+;; XXX: Disable this to get normal behavior
+(def github-app-flag true)
+
 (defn admin-authorize-url []
- (authorize-url "admin:repo_hook repo user:email admin:org_hook"))
+ (if github-app-flag
+ (authorize-url "public_repo user:email")
+ (authorize-url "admin:repo_hook repo user:email admin:org_hook")))
 (defn access-settings-url []
 (str "https://github.com/settings/connections/applications/" (client-id)))
diff --git a/src/clj/commiteth/routes/webhooks.clj b/src/clj/commiteth/routes/webhooks.clj
index 8f93a0e..95b9056 100644
--- a/src/clj/commiteth/routes/webhooks.clj
+++ b/src/clj/commiteth/routes/webhooks.clj
@@ -237,6 +237,12 @@
 (crypto/eq? github-signature (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
+(defn validate-secret-naive [webhook-payload raw-payload github-signature]
+ (let [full-name (get-in webhook-payload [:repository :full_name])
+ repo (repos/get-repo full-name)]
+ (log/debug "validate secret - repo exists?" repo)
+ repo))
+
 (defroutes webhook-routes
 (POST "/webhook" {:keys [headers body]}
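Review bot: In core.clj, `github-app-flag` is a top-level `def` fixed to `true`, so `admin-authorize-url` now always requests `public_repo user:email` and the original scope string can only be reached by editing the source. The toggle would be safer read from deployment configuration, presumably the same place `client-id` comes from, so one build cannot silently ship with the experimental scope set. The `;; XXX` comment should become a docstring stating what each value does, for example `(def github-app-flag "When true, request only public_repo and user:email instead of the hook-admin scopes." true)`. Narrowing the scopes is a least-privilege gain, but without `admin:repo_hook` the token presumably can no longer register per-repository hooks, which is worth stating next to the flag.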
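Review bot: In webhooks.clj, `validate-secret-naive` never reads `raw-payload` or `github-signature`; it returns whatever `repos/get-repo` finds for the `full_name` taken from the unauthenticated request body. Any POST naming a known repository is therefore treated as a genuine GitHub delivery, and the `/webhook-app` route added in the next hunk passes it on to `handle-issue` and `handle-pull-request`. The check should keep the HMAC comparison shown in the context line above it, using the app-level webhook secret, and fail closed when the header or the secret is missing. `(log/debug "validate secret - repo exists?" repo)` also logs the whole repo record, which may include its hook secret if that is stored there. In the sketch below, `github-app-webhook-secret` is a placeholder name for however the project loads that secret.

```clojure
(defn validate-secret-naive [webhook-payload raw-payload github-signature]
  (let [full-name (get-in webhook-payload [:repository :full_name])
        repo (repos/get-repo full-name)
        ;; PLACEHOLDER: app-level webhook secret loaded from configuration
        secret (github-app-webhook-secret)]
    ;; Fail closed: a known repo alone is not proof of origin.
    (and repo
         (string? github-signature)
         (not-empty secret)
         (crypto/eq? github-signature
                     (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
```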
@@ -252,4 +258,19 @@
 "issues" (handle-issue payload)
 "pull_request" (handle-pull-request payload)
 (ok)))
- (forbidden)))))
+ (forbidden))))
+ (POST "/webhook-app" {:keys [headers body]}
+ (log/debug "webhook-app POST, headers" headers)
+ (let [raw-payload (slurp body)
+ payload (json/parse-string raw-payload true)]
+ (log/debug "webhook-app POST, payload" payload)
+ (if (validate-secret-naive payload raw-payload (get headers "x-hub-signature"))
+ (do
+ (log/debug "Github secret validation OK app")
+ (log/debug "x-github-event app" (get headers "x-github-event"))
+ (case (get headers "x-github-event")
+ "issues" (handle-issue payload)
+ "pull_request" (handle-pull-request payload)
+ (ok)))
+ (forbidden))))
+ )
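Review bot: The `/webhook-app` handler repeats the event dispatch visible at the top of this hunk for `/webhook`, differing only in the validator it calls and the log strings, so a later fix to one route can easily miss the other. A private helper that takes the validator as an argument would keep the parse, validate and dispatch sequence in one place and make it obvious which check guards which endpoint. The two leading `log/debug` calls write every request header and the full parsed body before any validation has happened; logging only `x-github-event` after the check succeeds would keep unauthenticated input out of the logs. The closing `)` on its own line should be folded into the preceding form. The `defroutes` form starts outside this hunk, so the helper's placement in the sketch below is indicative only.

```clojure
(defn- handle-webhook
  "Parses the body, runs validate-fn on it, and dispatches on x-github-event."
  [validate-fn headers body]
  (let [raw-payload (slurp body)
        payload (json/parse-string raw-payload true)]
    (if (validate-fn payload raw-payload (get headers "x-hub-signature"))
      (case (get headers "x-github-event")
        "issues" (handle-issue payload)
        "pull_request" (handle-pull-request payload)
        (ok))
      (forbidden))))

;; … unchanged: existing "/webhook" route …
  (POST "/webhook-app" {:keys [headers body]}
    (handle-webhook validate-secret-naive headers body))
```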