alarsyo/prololo-reborn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

github: handle prefix in front of sha256 sig

Browse source
This commit is contained in:
Antoine Martin 2021-09-12 22:18:02 +02:00
parent 9521afaf95
commit 04670d2be1
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/webhooks/github/signing.rs
View file

@ -24,6 +24,15 @@ fn validate_signature(secret: &str, signature: &str, data: &str) -> bool {
mac.update(data.as_bytes());
// GitHub puts a prefix in front of its hex SHA256
let signature = match signature.strip_prefix("sha256=") {
Some(s) => s,
None => {
trace!("couldn't strip prefix from signature `{}`", signature);
return false;
}
};
match hex::decode(signature) {
Ok(bytes) => mac.verify(&bytes).is_ok(),
Err(_) => {