qpismont/herald
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

verify_signature before adding body to sentry event

Browse Source
This commit is contained in:
qpismont
2026-06-10 18:08:35 +00:00
parent a2d898c07d
commit 6599c20c30
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/api.rs
+6 -6
View File
@@ -79,6 +79,12 @@ where
let type_header = extract_header(GITEA_EVENT_TYPE_HEADER_NAME, headers)?;
let body_bytes = read_body(req.into_body()).await?;
verify_signature(
app_state.config.webhook_secret.as_bytes(),
&sig_header,
&body_bytes,
)?;
let body_str = String::from_utf8_lossy(&body_bytes).into_owned();
sentry::configure_scope(|scope| {
scope.add_event_processor(move |mut event| {
@@ -89,12 +95,6 @@ where
});
});
verify_signature(
app_state.config.webhook_secret.as_bytes(),
&sig_header,
&body_bytes,
)?;
let webhook = parse_webhook(&type_header, &app_state.config.bot_name, &body_bytes)?;
Ok(WebhookExtract(webhook))
}