From 5e14944fb6ede5e4cc9a6de1a125cfd25b9695ee Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine.martin@prologin.org>
Date: Sun, 12 Sep 2021 20:27:05 +0200
Subject: [PATCH] github: store secret in config file

---
 src/config.rs          | 2 ++
 src/main.rs            | 6 ++++--
 src/webhooks/github.rs | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 5eeb74c..a358bf6 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -17,4 +17,6 @@ pub struct ProloloConfig {
     /// ID of the Matrix room where the bot should post messages. The bot will only accept
     /// invitations to this room.
     pub matrix_room_id: RoomId,
+    /// Secret used to verify HMAC signature of GitHub webhooks
+    pub github_secret: String,
 }
diff --git a/src/main.rs b/src/main.rs
index 870deef..999719e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -14,7 +14,7 @@ mod config;
 use config::ProloloConfig;
 
 mod webhooks;
-use webhooks::{github_webhook, EventSender};
+use webhooks::{github::GitHubSecret, github_webhook, EventSender};
 
 #[derive(Clap)]
 #[clap(version = "0.1")]
@@ -35,6 +35,7 @@ async fn main() -> anyhow::Result<()> {
         .context("couldn't parse config file")?;
 
     let (sender, receiver) = unbounded_channel();
+    let github_secret = config.github_secret.clone();
 
     let prololo = Prololo::new(config).context("failed to create prololo bot")?;
     prololo.init().await.context("failed to init prololo bot")?;
@@ -42,6 +43,7 @@ async fn main() -> anyhow::Result<()> {
 
     let rocket = rocket::build()
         .mount("/", routes![github_webhook])
-        .manage(EventSender(sender));
+        .manage(EventSender(sender))
+        .manage(GitHubSecret(github_secret));
     rocket.launch().await.map_err(|err| anyhow::anyhow!(err))
 }
diff --git a/src/webhooks/github.rs b/src/webhooks/github.rs
index 9281614..642872f 100644
--- a/src/webhooks/github.rs
+++ b/src/webhooks/github.rs
@@ -15,7 +15,7 @@ use crate::webhooks::{Event, EventSender};
 
 const X_GITHUB_EVENT: &str = "X-GitHub-Event";
 
-struct GitHubSecret(String);
+pub struct GitHubSecret(pub String);
 
 #[rocket::post("/api/webhooks/github", data = "<payload>")]
 pub fn github_webhook(