From 04670d2be156f9832067bd7680c9af181e945ee9 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine.martin@prologin.org>
Date: Sun, 12 Sep 2021 22:18:02 +0200
Subject: [PATCH] github: handle prefix in front of sha256 sig

---
 src/webhooks/github/signing.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/webhooks/github/signing.rs b/src/webhooks/github/signing.rs
index 6e8fa9f..77fc476 100644
--- a/src/webhooks/github/signing.rs
+++ b/src/webhooks/github/signing.rs
@@ -24,6 +24,15 @@ fn validate_signature(secret: &str, signature: &str, data: &str) -> bool {
 
     mac.update(data.as_bytes());
 
+    // GitHub puts a prefix in front of its hex SHA256
+    let signature = match signature.strip_prefix("sha256=") {
+        Some(s) => s,
+        None => {
+            trace!("couldn't strip prefix from signature `{}`", signature);
+            return false;
+        }
+    };
+
     match hex::decode(signature) {
         Ok(bytes) => mac.verify(&bytes).is_ok(),
         Err(_) => {