JimKarvo/gitea-notification-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial import with modified Dockerfile for env-based config generation

Browse Source
This commit is contained in:
Dimitris Karvounis
2026-06-22 11:56:10 +03:00
parent 28fa7537ac
commit 6bf27aa40e
25 changed files with 3228 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/webhook/validator.go
+75
View File
@@ -0,0 +1,75 @@
package webhook
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"errors"
"io"
"net/http"
"strings"
)
var (
ErrMissingSignature = errors.New("missing X-Gitea-Signature header")
ErrInvalidSignature = errors.New("invalid webhook signature")
)
// Validator validates Gitea webhook signatures
type Validator struct {
secret []byte
}
// NewValidator creates a new webhook validator with the given secret
func NewValidator(secret string) *Validator {
return &Validator{
secret: []byte(secret),
}
}
// ValidateRequest validates the signature of an incoming webhook request
// It returns the request body if valid, or an error if validation fails
func (v *Validator) ValidateRequest(r *http.Request) ([]byte, error) {
// Read the body
body, err := io.ReadAll(r.Body)
if err != nil {
return nil, err
}
// Get signature from header
signature := r.Header.Get("X-Gitea-Signature")
if signature == "" {
return nil, ErrMissingSignature
}
// Validate signature
if !v.validateSignature(body, signature) {
return nil, ErrInvalidSignature
}
return body, nil
}
// validateSignature checks if the HMAC-SHA256 signature matches
func (v *Validator) validateSignature(payload []byte, signature string) bool {
// Gitea sends the signature as a hex-encoded HMAC-SHA256
mac := hmac.New(sha256.New, v.secret)
mac.Write(payload)
expectedMAC := mac.Sum(nil)
expectedSignature := hex.EncodeToString(expectedMAC)
// Handle both with and without "sha256=" prefix
signature = strings.TrimPrefix(signature, "sha256=")
return hmac.Equal([]byte(signature), []byte(expectedSignature))
}
// GetEventType extracts the event type from the request headers
func GetEventType(r *http.Request) GiteaEventType {
return GiteaEventType(r.Header.Get("X-Gitea-Event"))
}
// GetDeliveryID extracts the unique delivery ID from the request headers
func GetDeliveryID(r *http.Request) string {
return r.Header.Get("X-Gitea-Delivery")
}