diff options
Diffstat (limited to 'src/api/service/github.ts')
| -rw-r--r-- | src/api/service/github.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/api/service/github.ts b/src/api/service/github.ts index 00241987ab..2b70675010 100644 --- a/src/api/service/github.ts +++ b/src/api/service/github.ts @@ -1,5 +1,6 @@ import * as EventEmitter from 'events'; import * as express from 'express'; +const crypto = require('crypto'); import User from '../models/user'; import config from '../../conf'; @@ -20,7 +21,7 @@ module.exports = async (app: express.Application) => { const handler = new EventEmitter(); app.post('/hooks/github', (req, res, next) => { - if (req.headers['x-hub-signature'] == config.github_bot.hook_secret) { + if ((new Buffer(req.headers['x-hub-signature'])).equals(new Buffer('sha1=' + crypto.createHmac('sha1', config.github_bot.hook_secret).update(JSON.stringify(req.body)).digest('hex')))) { handler.emit(req.headers['x-github-event'], req.body); } else { res.sendStatus(400); |