feature: add support for webhooks

greenpau / caddy-git

Git Plugin for Caddy v2

Apache License 2.0

70 stars 13 forks source link

feature: add support for webhooks #5

Closed greenpau closed 2 years ago

greenpau commented 2 years ago

Per @joeworkman,

webhook secret key is pretty simple. It's purely making sure that a specific header has a specific value. For Github the header is X-Hub-Signature-256. We simply need to compare that with the stored key. FYI. Gitlab's header for web hooks is X-Gitlab-Token

Add Caddyfile directive:

git {
  repo foo {
    webhook name <header> <secret>
  } 
}

When a request comes via API endpoint, inspect the header and authorize based on the presence of the webhook header and secret.

QuLogic commented 2 years ago

It doesn't appear that you actually validate X-Hub-Signature-256?

greenpau commented 2 years ago

@QuLogic , want to put a fix? :-)

greenpau commented 2 years ago

It doesn't appear that you actually validate X-Hub-Signature-256

Reopening it.

greenpau commented 2 years ago

Will address the signature validation via https://github.com/greenpau/caddy-git/issues/11