# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1554048251 -7200
# Node ID f756e051fa02b4a16fec6fb6c508aedb14c1e2f3
# Parent  8811b7dbe6e2beb5e748da5bbf45788bb5e27ed5
mod_pubsub_github: Require a secret to be set (BC)

diff -r 8811b7dbe6e2 -r f756e051fa02 mod_pubsub_github/README.markdown
--- a/mod_pubsub_github/README.markdown	Sun Mar 31 17:59:17 2019 +0200
+++ b/mod_pubsub_github/README.markdown	Sun Mar 31 18:04:11 2019 +0200
@@ -25,7 +25,7 @@
   Name                    Default             Description
   ----------------------- ------------------- ------------------------------------------------------------
   `github_node`           `"github"`{.lua}    The pubsub node to publish commits on.
-  `github_secret`         *not set*           Shared secret used to sign HTTP requests.
+  `github_secret`         **Required**        Shared secret used to sign HTTP requests.
   `github_actor`          *superuser*         Which actor to do the publish as (used for access control)
 
 The URL for Github to post to would be either:
diff -r 8811b7dbe6e2 -r f756e051fa02 mod_pubsub_github/mod_pubsub_github.lua
--- a/mod_pubsub_github/mod_pubsub_github.lua	Sun Mar 31 17:59:17 2019 +0200
+++ b/mod_pubsub_github/mod_pubsub_github.lua	Sun Mar 31 18:04:11 2019 +0200
@@ -9,6 +9,8 @@
 local github_actor = module:get_option_string("github_actor") or true;
 local secret = module:get_option("github_secret");
 
+assert(secret, "Please set 'github_secret'");
+
 local error_mapping = {
 	["forbidden"] = 403;
 	["item-not-found"] = 404;
@@ -18,7 +20,7 @@
 
 function handle_POST(event)
 	local request, response = event.request, event.response;
-	if secret and ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
+	if ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
 		return 401;
 	end
 	local data = json.decode(request.body);