File tree Expand file tree Collapse file tree 1 file changed +4
-5
lines changed Expand file tree Collapse file tree 1 file changed +4
-5
lines changed Original file line number Diff line number Diff line change @@ -14,8 +14,7 @@ import (
1414 "github.com/naiba/webhooks"
1515 client "github.com/gogits/go-gogs-client"
1616 "crypto/hmac"
17- "crypto/sha1"
18- "encoding/hex"
17+ "crypto/sha256"
1918)
2019
2120// Webhook instance contains all methods needed to process events
@@ -107,12 +106,12 @@ func (hook Webhook) ParsePayload(w http.ResponseWriter, r *http.Request) {
107106 }
108107 webhooks .DefaultLog .Debug (fmt .Sprintf ("X-Gogs-Signature:%s" , signature ))
109108
110- mac := hmac .New (sha1 .New , []byte (hook .secret ))
109+ mac := hmac .New (sha256 .New , []byte (hook .secret ))
111110 mac .Write (payload )
112111
113- expectedMAC := hex . EncodeToString ( mac .Sum (nil ) )
112+ expectedMAC := mac .Sum (nil )
114113
115- if ! hmac .Equal ([]byte (signature [ 5 :] ), [] byte ( expectedMAC ) ) {
114+ if ! hmac .Equal ([]byte (signature ), expectedMAC ) {
116115 webhooks .DefaultLog .Error ("HMAC verification failed" )
117116 http .Error (w , "403 Forbidden - HMAC verification failed" , http .StatusForbidden )
118117 return
You can’t perform that action at this time.
0 commit comments