From 6599c20c3086543ada64f301fa9759e6343edb19 Mon Sep 17 00:00:00 2001
From: qpismont
Date: Wed, 10 Jun 2026 18:08:35 +0000
Subject: [PATCH] verify_signature before adding body to sentry event
---
 src/api.rs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/api.rs b/src/api.rs
index 5179232..2958b1f 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -79,6 +79,12 @@ where
 let type_header = extract_header(GITEA_EVENT_TYPE_HEADER_NAME, headers)?;
 let body_bytes = read_body(req.into_body()).await?;
+ verify_signature(
+ app_state.config.webhook_secret.as_bytes(),
+ &sig_header,
+ &body_bytes,
+ )?;
+
 let body_str = String::from_utf8_lossy(&body_bytes).into_owned();
 sentry::configure_scope(|scope| {
 scope.add_event_processor(move |mut event| {
@@ -89,12 +95,6 @@ where
 });
 });
- verify_signature(
- app_state.config.webhook_secret.as_bytes(),
- &sig_header,
- &body_bytes,
- )?;
-
 let webhook = parse_webhook(&type_header, &app_state.config.bot_name, &body_bytes)?;
 Ok(WebhookExtract(webhook))
 }
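Review bot: The position of the `verify_signature(...)` call ahead of `body_str` is now the only thing keeping unauthenticated payloads out of Sentry, yet nothing at the call site says so, and a later reorder would silently reintroduce the leak. I would add a comment above the call such as `// Must run before anything derived from body_bytes is logged or attached to Sentry: the body is untrusted until the signature checks out.`, plus a test asserting that a request with a bad signature returns the error before the event processor is registered. Separately, the verified body is still attached in full to events in scope; whether it needs a size cap or scrubbing of secrets depends on what the webhook payloads carry, which is not visible here. The enclosing function starts above the first hunk, so how `read_body` bounds the body it reads before verification cannot be judged from this diff.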