status-im
/
open-bounty
mirror of https://github.com/status-im/open-bounty.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix crash when receiving a webhook POST for unknown repo

This commit is contained in:
Teemu Patja 2017-03-06 14:07:19 +02:00
parent 317247e31a
commit e6def5b3f8
No known key found for this signature in database
GPG Key ID: F5B7035E6580FD4C
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/clj/commiteth/routes/webhooks.clj
View File

@ -13,7 +13,8 @@
[compojure.core :refer [defroutes POST]]
[crypto.equality :as crypto]
[ring.util.http-response :refer [ok forbidden]]
[commiteth.db.bounties :as bounties-db])
[commiteth.db.bounties :as bounties-db]
[clojure.string :as string])
(:import java.lang.Integer))
(defn find-issue-event
@ -187,9 +188,10 @@
(defn validate-secret [webhook-payload raw-payload github-signature]
(let [full-name (get-in webhook-payload [:repository :full_name])
repo (repos/get-repo full-name)
secret (:hook_secret repo)
signature (str "sha1=" (hex-hmac-sha1 secret raw-payload))]
(crypto/eq? signature github-signature)))
secret (:hook_secret repo)]
(and (not (string/blank? secret))
(crypto/eq? github-signature
(str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
(defroutes webhook-routes