Check json

Remove ref check
2022-02-23 10:25:19 +00:00 · 2022-02-23 10:24:26 +00:00
2 changed files with 4 additions and 12 deletions
--- a/app/dependencies.py
+++ b/app/dependencies.py
@ -6,11 +6,12 @@ from fastapi.exceptions import HTTPException
 async def auth_hook(request: Request):
    try:
        text = await request.body()
-
+        json = await request.json()
    except:
        raise HTTPException(status_code=204, detail="Missing or bad content")
-    header_signature = request.headers.get('X-Hub-Signature')

+
+    header_signature = request.headers.get('X-Hub-Signature')
    if not header_signature:
        raise HTTPException(status_code=400, detail="Missing signature")

@ -27,6 +28,7 @@ async def auth_hook(request: Request):
    mac = hmac.new(secret_key.encode(), msg=text, digestmod='sha1')

    # verify the digest matches the signature
+    print(f'{mac.hexdigest()} {signature}')
    if not hmac.compare_digest(mac.hexdigest(), signature):
        raise HTTPException(status_code=403, detail="Unauthorized")

--- a/app/test/test.py
+++ b/app/test/test.py
@ -46,16 +46,6 @@ def test_auth():
    assert response.status_code == 403
    assert response.text == '{"detail":"Unauthorized"}'
   
-
-# def test_branch():
-#     payload = {"ref": "refs/heads/master"}
-#     response = client.post("/test_ref", json= payload)
-#     assert response.status_code == 202
-
-#     payload = {"ref": "refs/heads/test"}
-#     response = client.post("/test_ref", json= payload)
-#     assert response.status_code == 403
-
 def test_web():
    response = client.get('/test_web?token={}'.format(getenv("TOKEN")))
    assert response.status_code == 200
Author	SHA1	Message	Date
Jimmy	c3141df775	Check json	2022-02-23 10:25:19 +00:00
Jimmy	0217d98d4f	Remove ref check	2022-02-23 10:24:26 +00:00