jp7fkf/github_webhook.rb Secret

## github_webhook.rb
##################################################################################
# based on MIT lib mruby-hmac by Thiago Scalone. Many Thanks.
# https://github.com/scalone/mruby-hmac
#
#  Created on: Aug 25, 2020
#      Author: Yudai Hashimoto
#      Web   : https://jp7fkf.dev/
#
# MIT License
#
# Copyright (c) 2018 - 2020 Yudai Hashimoto (JP7FKF), Thiago Scalone
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#################################################################################

BLOCK_SIZE = 64
OPAD       = "\x5c"
IPAD       = "\x36"
PADDING    = "\x00"

def hexdigest(message, key, digester)
  return digest(message, key, digester).unpack("H*").first
end

def digest(message, key, digester)
  if (key.length > BLOCK_SIZE)
    key = digester.digest(key)
  end
  if (key.length < BLOCK_SIZE)
    key = key + (PADDING * (BLOCK_SIZE - key.length))
  end
  o_key_pad = xor(OPAD * BLOCK_SIZE, key)
  i_key_pad = xor(IPAD * BLOCK_SIZE, key)
  return Digest::SHA1.digest(o_key_pad + Digest::SHA1.digest(i_key_pad + message))
end

def xor(a, b)
  return a.unpack('C*').zip(b.unpack('C*')).map{ |c,d| c ^ d }.pack('C*')
end

SECRET_KEY = 'xxxxx'
lambda do |env|
    HMAC_DIGEST = Digest::SHA1.new
    body = env['rack.input'].read
    hmac_signature = 'sha1=' + hexdigest(body, SECRET_KEY, HMAC_DIGEST)
    if env["HTTP_X_HUB_SIGNATURE"] == hmac_signature
        IO.popen('/etc/h2o/misc/gitdeploy.sh')
        return [200, {'content-type' => 'text/plain'}, ["ok"]]
    end
    return [400, {'content-type' => 'text/plain'}, ["HMAC didn't match"]]
end
	##################################################################################
	# based on MIT lib mruby-hmac by Thiago Scalone. Many Thanks.
	# https://github.com/scalone/mruby-hmac
	#
	# Created on: Aug 25, 2020
	# Author: Yudai Hashimoto
	# Web : https://jp7fkf.dev/
	#
	# MIT License
	#
	# Copyright (c) 2018 - 2020 Yudai Hashimoto (JP7FKF), Thiago Scalone
	#
	# Permission is hereby granted, free of charge, to any person obtaining a copy
	# of this software and associated documentation files (the "Software"), to deal
	# in the Software without restriction, including without limitation the rights
	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	# copies of the Software, and to permit persons to whom the Software is
	# furnished to do so, subject to the following conditions:
	#
	# The above copyright notice and this permission notice shall be included in all
	# copies or substantial portions of the Software.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	# SOFTWARE.
	#
	#################################################################################

	BLOCK_SIZE = 64
	OPAD = "\x5c"
	IPAD = "\x36"
	PADDING = "\x00"

	def hexdigest(message, key, digester)
	return digest(message, key, digester).unpack("H*").first
	end

	def digest(message, key, digester)
	if (key.length > BLOCK_SIZE)
	key = digester.digest(key)
	end
	if (key.length < BLOCK_SIZE)
	key = key + (PADDING * (BLOCK_SIZE - key.length))
	end
	o_key_pad = xor(OPAD * BLOCK_SIZE, key)
	i_key_pad = xor(IPAD * BLOCK_SIZE, key)
	return Digest::SHA1.digest(o_key_pad + Digest::SHA1.digest(i_key_pad + message))
	end

	def xor(a, b)
	return a.unpack('C').zip(b.unpack('C')).map{ \|c,d\| c ^ d }.pack('C*')
	end

	SECRET_KEY = 'xxxxx'
	lambda do \|env\|
	HMAC_DIGEST = Digest::SHA1.new
	body = env['rack.input'].read
	hmac_signature = 'sha1=' + hexdigest(body, SECRET_KEY, HMAC_DIGEST)
	if env["HTTP_X_HUB_SIGNATURE"] == hmac_signature
	IO.popen('/etc/h2o/misc/gitdeploy.sh')
	return [200, {'content-type' => 'text/plain'}, ["ok"]]
	end
	return [400, {'content-type' => 'text/plain'}, ["HMAC didn't match"]]
	end