Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
class EntriesController < ApplicationController
skip_before_action :verify_authenticity_token, only: :create
before_action :verify_signature, only: :create
def create
Entry.create(label: params[:pull_request][:title]) if pr_base_is?("master") && pr_merged?
end
private
def pr_base_is?(branch)
params[:pull_request][:base][:ref] == branch
end
def pr_merged?
params[:pull_request][:merged] && params[:pull_request][:state] == "closed"
end
def verify_signature
payload_body = request.body.read
signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
render status: 500 unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment