diff --git a/app/Http/Controllers/Gate/GitHubGateController.php b/app/Http/Controllers/Gate/GitHubGateController.php
index 0ea5ea3..f59c388 100644
--- a/app/Http/Controllers/Gate/GitHubGateController.php
+++ b/app/Http/Controllers/Gate/GitHubGateController.php
@@ -1,160 +1,166 @@
<?php
namespace Nasqueron\Notifications\Http\Controllers\Gate;
use Event;
use Request;
use Nasqueron\Notifications\Events\GitHubPayloadEvent;
use Keruald\GitHub\XHubSignature;
class GitHubGateController extends GateController {
///
/// Private members
///
/**
* The request signature, allowing to determine if the payload is legit
*
* @var string
*/
private $signature;
/**
* The GitHub event triggering this request
*
* @var string
*/
private $event;
/**
* The request delivery GUID
*
* @var string
*/
private $delivery;
/**
* The request content, as a structured data
*
* @var stdClass
*/
private $payload;
/**
* The request content
*
* @var string
*/
private $rawRequestContent;
///
/// Constants
///
const SERVICE_NAME = 'GitHub';
///
/// Request processing
///
/**
* Handles POST requests
*
* @param Request $request the HTTP request
* @return Illuminate\Http\Response
*/
public function onPost ($door) {
// Parses the request and check if it's legit
$this->door = $door;
$this->extractHeaders();
$this->extractPayload();
if (!$this->isLegitRequest()) {
abort(403, 'Unauthorized action.');
}
// Process the request
$this->logGateRequest();
$this->onPayload();
// Output
return parent::renderReport();
}
/**
* Extracts headers from the request
*/
protected function extractHeaders () {
$this->signature = $this->getSignature();
$this->event = Request::header('X-Github-Event');
$this->delivery = Request::header('X-Github-Delivery');
}
/**
* Gets the signature from an X-Hub-Signature header
*
* @param string the signature part of the header
*/
private function getSignature () {
$headerSignature = Request::header('X-Hub-Signature');
return XHubSignature::parseSignature($headerSignature);
}
/**
* Extracts payload from the request
*/
protected function extractPayload () {
$request = Request::instance();
$this->rawRequestContent = $request->getContent();
$this->payload = json_decode($this->rawRequestContent);
}
/**
* Determines if the request is legit.
*
* @return bool true if the request looks legit; otherwise, false.
*/
protected function isLegitRequest () {
$secret = $this->getSecret();
// If the secret is not defined, request legitimation is bypassed
if (empty($secret)) {
return true;
}
+ // If the secret is defined, but signature is missing from the
+ // request, we don't need to perform any other validation.
+ if (empty($this->signature)) {
+ return false;
+ }
+
return XHubSignature::validatePayload(
$secret,
$this->rawRequestContent,
$this->signature
);
}
/**
* Logs the request
*/
protected function logGateRequest () {
$this->logRequest([
'delivery' => $this->delivery,
'event' => $this->event,
]);
}
///
/// Payload processing
///
protected function onPayload () {
$this->initializeReport();
Event::fire(new GitHubPayloadEvent(
$this->door,
$this->event,
$this->payload
));
}
}
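Review bot: The new guard in isLegitRequest uses `empty($this->signature)`, which also treats the string `'0'` as a missing signature; whether XHubSignature::parseSignature can ever return such a value is not visible here, so a strict check would be more precise: `if ($this->signature === null || $this->signature === '') {`. The method's docblock should also state the new rejection path, e.g. `@return bool true if no secret is configured or the X-Hub-Signature header validates; false when a secret is set but the signature is missing or invalid.`. Note that the unchanged `empty($secret)` branch still accepts unsigned requests whenever no secret is configured, so the added check only hardens the configured-secret case; it may be worth logging that bypass at the gate. The docblock of getSignature on the context lines declares a `@param` although the method takes no arguments and returns the parsed signature, which could be corrected to `@return string`.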