# HG changeset patch # User Kim Alvefur <zash@zash.se> # Date 1554048251 -7200 # Node ID f756e051fa02b4a16fec6fb6c508aedb14c1e2f3 # Parent 8811b7dbe6e2beb5e748da5bbf45788bb5e27ed5 mod_pubsub_github: Require a secret to be set (BC) diff -r 8811b7dbe6e2 -r f756e051fa02 mod_pubsub_github/README.markdown --- a/mod_pubsub_github/README.markdown Sun Mar 31 17:59:17 2019 +0200 +++ b/mod_pubsub_github/README.markdown Sun Mar 31 18:04:11 2019 +0200 @@ -25,7 +25,7 @@ Name Default Description ----------------------- ------------------- ------------------------------------------------------------ `github_node` `"github"`{.lua} The pubsub node to publish commits on. - `github_secret` *not set* Shared secret used to sign HTTP requests. + `github_secret` **Required** Shared secret used to sign HTTP requests. `github_actor` *superuser* Which actor to do the publish as (used for access control) The URL for Github to post to would be either: diff -r 8811b7dbe6e2 -r f756e051fa02 mod_pubsub_github/mod_pubsub_github.lua --- a/mod_pubsub_github/mod_pubsub_github.lua Sun Mar 31 17:59:17 2019 +0200 +++ b/mod_pubsub_github/mod_pubsub_github.lua Sun Mar 31 18:04:11 2019 +0200 @@ -9,6 +9,8 @@ local github_actor = module:get_option_string("github_actor") or true; local secret = module:get_option("github_secret"); +assert(secret, "Please set 'github_secret'"); + local error_mapping = { ["forbidden"] = 403; ["item-not-found"] = 404; @@ -18,7 +20,7 @@ function handle_POST(event) local request, response = event.request, event.response; - if secret and ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then + if ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then return 401; end local data = json.decode(request.body);