ellerynz/entries_controller.rb Secret

## entries_controller.rb
class EntriesController < ApplicationController

  skip_before_action :verify_authenticity_token, only: :create
  before_action :verify_signature, only: :create

  def create
    Entry.create(label: params[:pull_request][:title]) if pr_base_is?("master") && pr_merged?
  end

  private

    def pr_base_is?(branch)
      params[:pull_request][:base][:ref] == branch
    end

    def pr_merged?
      params[:pull_request][:merged] && params[:pull_request][:state] == "closed"
    end

    def verify_signature
      payload_body = request.body.read
      signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
      render status: 500 unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
    end

end
	class EntriesController < ApplicationController

	skip_before_action :verify_authenticity_token, only: :create
	before_action :verify_signature, only: :create

	def create
	Entry.create(label: params[:pull_request][:title]) if pr_base_is?("master") && pr_merged?
	end

	private

	def pr_base_is?(branch)
	params[:pull_request][:base][:ref] == branch
	end

	def pr_merged?
	params[:pull_request][:merged] && params[:pull_request][:state] == "closed"
	end

	def verify_signature
	payload_body = request.body.read
	signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
	render status: 500 unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
	end

	end