default

Author: mead

src/GogsWebhook/Http/Controllers/WebHookController.php

@@ -16,23 +16,27 @@ class WebHookController extends Controller
 {
     public function handle(Request $request)
     {
-        $path = config('gogs-webhook.webhook.path', base_path());
-//        $path = base_path();
-        $token = config('gogs-webhook.webhook.token', false);
-        if (!$token) {
-            exit('error request');
-        }
-        if ($request->header('X-Gogs-Signature', false) !== $token) {
-            exit('error request');
+        $path = base_path();
+
+        $signature = $request->header('X-Gogs-Signature', false);
+        if (!$signature && !$this->verify_webhook($signature)) {
+            exit('tokan is error !');
         }
-//        if (empty($json['token']) || $json['token'] !== $token) {
-//            exit('error request');
-//        }
 
-        $cmd = "cd $path && git pull 2>&1";
-        exit($cmd);
+        $cmd = "cd $path && git pull origin master 2>&1";
         $status = shell_exec($cmd);
         exit($status);
-        print $status;
+    }
+
+    protected function verify_webhook($hmac_header)
+    {
+        $token = config('gogs-webhook.webhook.app_secret', false);
+        $data = file_get_contents('php://input');
+        if (!$token) {
+            exit('token is not null!');
+        }
+
+        $calculated_hmac = hash_hmac('sha256', $data, $token, false);
+        return ((string)$hmac_header === (string)$calculated_hmac);
     }
 }

src/config/gogs-webhook.php

@@ -8,9 +8,6 @@
 
 return [
     'webhook' => [
-        'token' => '',
-        'path' => '',
-        'user' => '',
-        'user_group'=>''
+        'app_secret' => env('WEBHOOK_APP_SECRET', ''),
     ]
 ];