webhooks: verify payload signature

Drew DeVault 2020-04-30 10:27:09 -04:00
parent a32c72e135
commit e8d313356c
1 changed files with 8 additions and 7 deletions


@ -6,6 +6,7 @@ from hubsrht.types import Event, EventType, MailingList, SourceRepo, RepoType
from hubsrht.types import Tracker, User, Visibility
from hubsrht.services import todo
from srht.config import get_origin
from srht.crypto import verify_request_signature
from srht.database import db
from srht.flask import csrf_bypass
from urllib.parse import quote
@ -21,7 +22,7 @@ _listssrht = get_origin("lists.sr.ht", external=True, default=None)
@webhooks.route("/webhooks/git-user/<int:user_id>", methods=["POST"])
def git_user(user_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
user = User.query.get(user_id)
if not user:
return "I don't recognize this user.", 404
@ -58,7 +59,7 @@ def git_user(user_id):
@webhooks.route("/webhooks/git-repo/<int:repo_id>", methods=["POST"])
def git_repo(repo_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
repo = SourceRepo.query.get(repo_id)
if not repo:
return "I don't recognize that repository.", 404
@ -100,7 +101,7 @@ def git_repo(repo_id):
@webhooks.route("/webhooks/hg-user/<int:user_id>", methods=["POST"])
def hg_user(user_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
user = User.query.get(user_id)
if not user:
return "I don't recognize this user.", 404
@ -137,7 +138,7 @@ def hg_user(user_id):
@webhooks.route("/webhooks/mailing-list/<list_id>", methods=["POST"])
def mailing_list(list_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
ml = MailingList.query.get(list_id)
if not ml:
return "I don't recognize that mailing list.", 404
@ -192,7 +193,7 @@ def mailing_list(list_id):
@webhooks.route("/webhooks/todo-user/<int:user_id>", methods=["POST"])
def todo_user(user_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
user = User.query.get(user_id)
if not user:
@ -230,7 +231,7 @@ def todo_user(user_id):
@webhooks.route("/webhooks/todo-tracker/<int:tracker_id>", methods=["POST"])
def todo_tracker(tracker_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
tracker = Tracker.query.get(tracker_id)
if not tracker:
@ -276,7 +277,7 @@ def todo_tracker(tracker_id):
@webhooks.route("/webhooks/todo-ticket/<int:tracker_id>/ticket", methods=["POST"])
def todo_ticket(tracker_id):
event = request.headers.get("X-Webhook-Event")
payload = json.loads(request.data.decode("utf-8"))
payload = verify_request_signature(request)
tracker = Tracker.query.get(tracker_id)
if not tracker:
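Review bot: In `git_user` (and identically in `git_repo`, `hg_user`, `mailing_list` and the three `todo_*` handlers), `payload` is now whatever `verify_request_signature(request)` returns and the old `json.loads(...)` parse is gone, but nothing on this page shows that the helper returns a parsed dict or how it signals a bad or missing signature. If it returns the verified raw body, the next line should be `payload = json.loads(payload.decode("utf-8"))`. If it can return a falsy value instead of aborting the request, each handler needs an explicit rejection such as `if not payload: return "Invalid signature", 403` before the database lookup. Separately, `event` is still read from the `X-Webhook-Event` header just above the verification call, so unless the signature covers that header the event type is unauthenticated input and deserves a comment saying so. The handler bodies continue outside the hunks, so how `payload` and `event` are used afterwards cannot be confirmed from here.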