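# Webhook receiver: records an Entry for each pull request merged into master.
# The payload shape (pull_request.title/base.ref/merged/state) and the
# X-Hub-Signature header follow GitHub's pull_request webhook format.
class EntriesController < ApplicationController
  # A webhook sender cannot present a Rails CSRF token, so the CSRF check is
  # skipped for create only; verify_signature authenticates the request instead.
  skip_before_action :verify_authenticity_token, only: :create
  before_action :verify_signature, only: :create

  # Creates an Entry labelled with the pull request title when the delivery
  # describes a pull request that was merged into master. Any other delivery
  # (different base branch, not merged, no pull_request object) is ignored.
  def create
    return unless pr_base_is?("master") && pr_merged?

    Entry.create(label: pull_request_param(:title))
  end

  private

  # Reads a nested value under params[:pull_request]. Uses dig so that a
  # signed delivery without a pull_request object yields nil instead of
  # raising NoMethodError on nil.
  def pull_request_param(*path)
    params.dig(:pull_request, *path)
  end

  # True when the pull request targets the given base branch.
  def pr_base_is?(branch)
    pull_request_param(:base, :ref) == branch
  end

  # True when the pull request is flagged as merged and its state is "closed".
  def pr_merged?
    pull_request_param(:merged) && pull_request_param(:state) == "closed"
  end

  # before_action filter: authenticates the delivery by recomputing the
  # HMAC-SHA1 of the raw request body with the shared secret and comparing it
  # to the X-Hub-Signature header in constant time. Responds 401 and halts the
  # action on any failure.
  #
  # NOTE(review): GitHub also sends X-Hub-Signature-256 (HMAC-SHA256) and
  # recommends validating that header rather than the legacy SHA-1 one;
  # consider migrating once every sender is known to provide it.
  def verify_signature
    secret = ENV['SECRET_TOKEN']
    provided = request.env['HTTP_X_HUB_SIGNATURE']

    # Fail closed: an unset secret would make HMAC.hexdigest raise, and a
    # missing header would make secure_compare raise on nil. Either case is
    # an unauthenticated request, not a server error.
    return head(:unauthorized) if secret.blank? || provided.blank?

    # raw_post returns the unparsed body even when the params parser has
    # already consumed the request body stream.
    expected = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, request.raw_post)

    # head sends a bodiless response, so rejecting a request does not depend
    # on a view template existing for this action.
    head :unauthorized unless Rack::Utils.secure_compare(expected, provided)
  end
end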