diff options
author | kongr45gpen <electrovesta@gmail.com> | 2016-03-15 16:41:58 +0200 |
---|---|---|
committer | kongr45gpen <electrovesta@gmail.com> | 2016-03-15 16:41:58 +0200 |
commit | 23d851aff066a39e3ceb01f85c30539e467a70ea (patch) | |
tree | 2feeadac920c62161163b3b4d7ee0ae8361787b9 /local/handler | |
parent | e56a487b2a6672284a8f18a816782b5fdebf3b08 (diff) | |
download | supybot_github-23d851aff066a39e3ceb01f85c30539e467a70ea.tar.gz supybot_github-23d851aff066a39e3ceb01f85c30539e467a70ea.tar.bz2 supybot_github-23d851aff066a39e3ceb01f85c30539e467a70ea.zip |
Add support for github secrets
Diffstat (limited to 'local/handler')
-rw-r--r-- | local/handler/GithubHandler.py | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/local/handler/GithubHandler.py b/local/handler/GithubHandler.py index 4d420e3..53ea740 100644 --- a/local/handler/GithubHandler.py +++ b/local/handler/GithubHandler.py @@ -1,10 +1,12 @@ import os import re +import hmac import json import time import random import urllib import urllib2 +import hashlib import urlparse import threading import BaseHTTPServer @@ -37,17 +39,12 @@ class GithubHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_POST(s): """Respond to a POST request.""" length = int(s.headers['Content-Length']) + payload = s.rfile.read(length).decode('utf-8') if 'content-type' not in s.headers or s.headers['content-type'] == 'application/x-www-form-urlencoded': - post_data = urlparse.parse_qs(s.rfile.read(length).decode('utf-8')) + post_data = urlparse.parse_qs(payload) data = json.loads(post_data['payload'][0]) else: - data = json.loads(s.rfile.read(length).decode('utf-8')) - - s.send_response(200) - s.send_header('Content-type', 'text/html') - s.end_headers() - s.wfile.write("Thanks, you're awesome.\n") - s.wfile.write(s.path.split('/')) + data = json.loads(payload) if 'X-GitHub-Event' in s.headers: eventType = s.headers['X-GitHub-Event'] @@ -58,7 +55,7 @@ class GithubHandler(BaseHTTPServer.BaseHTTPRequestHandler): if not os.path.exists('requests/'): os.makedirs('requests') - f = open('requests/' + eventType + strftime("%Y-%m-%d %H:%M:%S") + '.json', 'w') + f = open('requests/' + eventType.replace('/','_') + strftime("%Y-%m-%d %H:%M:%S") + '.json', 'w') f.write(json.dumps(data, sort_keys=True, indent=4, separators=(',', ': '))) f.close() @@ -92,11 +89,33 @@ class GithubHandler(BaseHTTPServer.BaseHTTPRequestHandler): i+=1 + s.send_response(200) + s.send_header('Content-type', 'text/html') + s.end_headers() + s.wfile.write("Thanks, you're awesome.\n") + s.wfile.write(s.path.split('/')) + if requireCode and receivedcode != configValue('passcode'): # The password is wrong s.wfile.write("The password is wrong") return + secret = getChannelSecret(channel) + if secret is not None: + if not 'X-Hub-Signature' in s.headers: + s.wfile.write("This channel requires a secret") + return + + digest = "sha1=%s" % (hmac.new(secret, payload, hashlib.sha1).hexdigest(),) + log.debug("expected digest: %s", digest) + + provided = s.headers['X-Hub-Signature'] + log.debug("provided digest: %s", provided) + + if not secureCompare(digest, provided): + s.wfile.write("Invalid secret key") + return + brackets = parseBrackets(configValue('brackets')) themeName = configValue('theme') |