release: authorize webhook request using webhook secret token #46
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GitHub: groongaGH-43 In this PR, we set up the authorization flow for webhook requests. At the following PRs, we will implement the logic of deployments.
otegami
force-pushed
the
release-verify-signature
branch
from
69632d9 to
ed50a10
Compare
otegami
commented
Dec 12, 2024
Comment on lines
+1
to
+2
| # Copyright (C) 2010-2019 Sutou Kouhei <[email protected]> | ||
| # Copyright (C) 2015 Kenji Okimoto <[email protected]> |
There was a problem hiding this comment.
commit-email/webhook-mailer リポジトリのコードをそのまま使わせていただいたので、
ライセンスヘッダーをそのまま持ってきています 🙏🏾
https://gitlab.com/commit-email/webhook-mailer/-/blob/master/lib/webhook-mailer/response.rb?ref_type=heads
kou
reviewed
Dec 12, 2024
| [200, {}, ["Hello deployer"]] | ||
| request = Rack::Request.new(env) | ||
| response = Response.new | ||
| process(request, response) or response.finish |
There was a problem hiding this comment.
必ずfinishするならこれでよくない?
Suggested change
| process(request, response) or response.finish | |
| process(request, response) | |
| response.finish |
There was a problem hiding this comment.
fix: 0e38ab5 現状は必要ないのでシンプルな方に寄せておこうと思います。
kou
reviewed
Dec 12, 2024
| return nil | ||
| end | ||
|
|
||
| unless verify_signature(request) |
There was a problem hiding this comment.
Suggested change
| unless verify_signature(request) | |
| unless valid_signature?(request) |
There was a problem hiding this comment.
fix: ae7cdd0 boolを返すので確かにこちらのほうがわかりやすいですね。
kou
reviewed
Dec 12, 2024
Comment on lines
45
to
47
| signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), | ||
| ENV['SECRET_TOKEN'], | ||
| request.body.read) |
There was a problem hiding this comment.
変数をもう一つ追加したほうが読みやすいんじゃないかな。
Suggested change
| signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), | |
| ENV['SECRET_TOKEN'], | |
| request.body.read) | |
| hmac_sha256 = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), | |
| ENV['SECRET_TOKEN'], | |
| request.body.read) | |
| signature = "sha256=#{hmac}" |
kou
reviewed
Dec 12, 2024
|
ここまで頂いたレビューコメントの対応をおこないました。 |
kou
reviewed
Dec 12, 2024
kou
reviewed
Dec 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
GitHub: GH-43
In this PR, we set up the authorization flow for webhook requests.
At the following PRs, we will implement the logic of deployments.