add check for action and bot_name

2026-06-02 18:42:59 +00:00
parent 0a22be252c
commit 14751f8db1
4 changed files with 126 additions and 39 deletions
+6 -16
@@ -15,10 +15,12 @@ use crate::state::AppState;
pub async fn start(app_state: AppState) -> anyhow::Result<()> {
let http_port = app_state.config.http_port;
let app = Router::new()
.route("/", get(root))
.route("/webhook", post(webhook))
.with_state(app_state);
let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", http_port)).await?;
axum::serve(listener, app)
.await
@@ -56,9 +58,7 @@ where
&body_bytes,
)?;
let webhook = parse_webhook(&type_header, &body_bytes)?;
reject_bot_user(&app_state, &webhook)?;
let webhook = parse_webhook(&type_header, &app_state.config.bot_name, &body_bytes)?;
Ok(WebhookExtract(webhook))
}
}
@@ -69,6 +69,7 @@ fn extract_header(key: &str, headers: &axum::http::HeaderMap) -> Result<String,
.ok_or(AppError::WebHookMissingHeaderErr(key.into()))?
.to_str()
.map_err(anyhow::Error::from)?;
Ok(value.to_owned())
}
@@ -79,22 +80,11 @@ async fn read_body(body: axum::body::Body) -> Result<Bytes, AppError> {
.map_err(AppError::from)
}
fn parse_webhook(header: &str, body_bytes: &[u8]) -> Result<WebhookType, AppError> {
fn parse_webhook(header: &str, bot_name: &str, body_bytes: &[u8]) -> Result<WebhookType, AppError> {
let Json(value) =
Json::<Value>::from_bytes(body_bytes).map_err(|_| AppError::MalformedJsonErr)?;
WebhookType::from_event(header, value)
}
fn reject_bot_user(state: &AppState, webhook: &WebhookType) -> Result<(), AppError> {
let user_id = match webhook {
WebhookType::Review(review_payload) => review_payload.comment.user.id,
};
match user_id != state.config.bot_user_id {
true => Ok(()),
false => Err(AppError::UnauthorizedUserIdErr),
}
WebhookType::from_event(header, bot_name, value)
}
fn verify_signature(secret_key: &[u8], sig_header: &str, body: &[u8]) -> Result<(), AppError> {
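Review bot: Rejection of bot-authored events now depends entirely on what `WebhookType::from_event` does with `bot_name`, which is not visible in this file section; the removed `reject_bot_user` compared the numeric `review_payload.comment.user.id` with `state.config.bot_user_id`. A name is a weaker identity key than an id, since it can be renamed or differ in case or whitespace, and a missed match would presumably let the service act on its own comments. If the payload still carries the user id, I would keep the id comparison next to the name check, for example by leaving `reject_bot_user(&app_state, &webhook)?;` after the new `parse_webhook(&type_header, &app_state.config.bot_name, &body_bytes)?` call in the extractor. Whichever key is used, the rejection should keep returning a distinct error such as `AppError::UnauthorizedUserIdErr` so dropped self-events stay visible in logs. `parse_webhook` now takes part in filtering as well as parsing, so a doc comment along the lines of `/// Parses the event body; bot_name is forwarded to from_event to identify the bot's own events.` would state that contract, once the behaviour of `from_event` is confirmed.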