Fix 500 error response to some GH app webhooks

Do not assume webhook payloads contain a repository object.
2017-11-04 23:13:22 +02:00 · 2017-11-04 23:13:22 +02:00 · 4ff49464f8
parent 7143ec286a
commit 4ff49464f8
1 changed files with 5 additions and 12 deletions
--- a/src/clj/commiteth/routes/webhooks.clj
+++ b/src/clj/commiteth/routes/webhooks.clj
@ -230,6 +230,7 @@


 (defn validate-secret [webhook-payload raw-payload github-signature]
+  ;; used for oauth app webhooks. secret is repo-specific
  (let [full-name (get-in webhook-payload [:repository :full_name])
        repo (repos/get-repo full-name)
        secret (:hook_secret repo)]
@ -237,21 +238,14 @@
         (crypto/eq? github-signature
                     (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))

-(defn validate-secret-naive [webhook-payload raw-payload github-signature]
-  (let [full-name (get-in webhook-payload [:repository :full_name])
-        repo (repos/get-repo full-name)]
-    (log/debug "validate secret naive - repo exists?" repo)
-    repo))

 (defn validate-secret-one-hook [webhook-payload raw-payload github-signature]
-  (let [full-name (get-in webhook-payload [:repository :full_name])
-        repo (repos/get-repo full-name)
-        secret (github/webhook-secret)
+  ;; used for GH app webhooks. secret is shared
+  (let [secret (github/webhook-secret)
        ;; XXX remove below once verified in logs
        debug-secret (apply str (take 5 (github/webhook-secret)))]
-    (log/debug "validate secret one hook - repo exists and github origin" repo " - " debug-secret)
+    (log/debug "validate secret for GH app"  debug-secret)
    (and (not (string/blank? secret))
-         repo
         (crypto/eq? github-signature
                     (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))

@ -283,5 +277,4 @@
                "issues" (handle-issue payload)
                "pull_request" (handle-pull-request payload)
                (ok)))
-            (forbidden))))
-  )
+            (forbidden)))))