Fixed HTTP server's error middleware, Fixed signature verification

dolejska-daniel · Mar 31, 2021 · 60d150d · 60d150d
1 parent 9a52dd1
commit 60d150d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/deployer/config/app_config.py b/deployer/config/app_config.py
@@ -20,6 +20,7 @@ class AppConfig(object):
 
         Optional("github"): Schema({
             Optional("secret"): str,
+            Optional("digest_header_name"): str,
         }),
 
         Optional("bindings"): Schema([Schema({

diff --git a/deployer/http/server.py b/deployer/http/server.py
@@ -30,14 +30,14 @@ async def error_middleware(cls, request, handler):
             return Response(text=json.dumps({
                 "status": exc.status_code,
                 "reason": exc.reason
-            }), headers={"Content-Type": "application/json"})
+            }), headers={"Content-Type": "application/json"}, status=exc.status_code)
 
         except Exception:
             log.exception("exception occured while processing API request")
             return Response(text=json.dumps({
                 "status": 500,
                 "reason": "Something went wrong. Check server log for more information",
-            }), headers={"Content-Type": "application/json"})
+            }), headers={"Content-Type": "application/json"}, status=500)
 
     # ==========================================================================dd==
     #   PUBLIC PROPERTIES

diff --git a/plugin/http/github/resources/views.py b/plugin/http/github/resources/views.py
@@ -27,8 +27,10 @@ async def github_webhook_handler(request: Request):
     data_raw = await request.text()
     data = dict(json.loads(data_raw))
     if key := AppConfig.get("github.secret"):
-        digest = hmac.digest(str(key).encode(), data_raw.encode(), "sha256").hex()
-        if not hmac.compare_digest(digest, request.headers.get("X-Hub-Signature-256", "")):
+        digest_header_name = AppConfig.get("github.digest_header_name", "X-Hub-Signature-256")
+        digest_method, digest_received = request.headers.get(digest_header_name, "sha256=").split("=", maxsplit=1)
+        digest = hmac.digest(str(key).encode(), data_raw.encode(), digest_method).hex()
+        if not hmac.compare_digest(digest, digest_received):
             raise HTTPUnprocessableEntity(reason="Refusing to process data with invalid signature.")
 
     log.log(0, "received content=%s", data)