Changeset

3515:f756e051fa02

mod_pubsub_github: Require a secret to be set (BC)
author Kim Alvefur <zash@zash.se>
date Sun, 31 Mar 2019 18:04:11 +0200 (2019-03-31)
parents 3514:8811b7dbe6e2
children 3516:d94875c3ddda
files mod_pubsub_github/README.markdown mod_pubsub_github/mod_pubsub_github.lua
diffstat 2 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_pubsub_github/README.markdown	Sun Mar 31 17:59:17 2019 +0200
+++ b/mod_pubsub_github/README.markdown	Sun Mar 31 18:04:11 2019 +0200
@@ -25,7 +25,7 @@
   Name                    Default             Description
   ----------------------- ------------------- ------------------------------------------------------------
   `github_node`           `"github"`{.lua}    The pubsub node to publish commits on.
-  `github_secret`         *not set*           Shared secret used to sign HTTP requests.
+  `github_secret`         **Required**        Shared secret used to sign HTTP requests.
   `github_actor`          *superuser*         Which actor to do the publish as (used for access control)
 
 The URL for Github to post to would be either:
--- a/mod_pubsub_github/mod_pubsub_github.lua	Sun Mar 31 17:59:17 2019 +0200
+++ b/mod_pubsub_github/mod_pubsub_github.lua	Sun Mar 31 18:04:11 2019 +0200
@@ -9,6 +9,8 @@
 local github_actor = module:get_option_string("github_actor") or true;
 local secret = module:get_option("github_secret");
 
+assert(secret, "Please set 'github_secret'");
+
 local error_mapping = {
 	["forbidden"] = 403;
 	["item-not-found"] = 404;
@@ -18,7 +20,7 @@
 
 function handle_POST(event)
 	local request, response = event.request, event.response;
-	if secret and ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
+	if ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
 		return 401;
 	end
 	local data = json.decode(request.body);