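        /// <summary>
        /// Verifies the <c>X-Hub-Signature-256</c> header of the current request against an
        /// HMAC-SHA256 of the raw request body, keyed with <paramref name="hook"/>'s secret.
        /// </summary>
        /// <param name="hook">The webhook whose <c>Secret</c> is used as the HMAC key.</param>
        /// <returns>The raw request body decoded as UTF-8, once the signature has been verified.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown when the header is missing or present more than once, or (with 403 Forbidden)
        /// when the signature does not match the computed value.
        /// </exception>
        private async Task<string> CheckSignature(GithubWebhook hook)
        {
            // Exactly one header value is required; duplicates are rejected rather than
            // silently picking one of them.
            if (!HttpContext.Request.Headers.TryGetValue("X-Hub-Signature-256", out StringValues header) ||
                header.Count != 1)
            {
                throw new HttpResponseException()
                      {
                          Value = new BasicJSONErrorResult("Invalid request", "Missing X-Hub-Signature-256 header").ToString()
                      };
            }

            var actualSignature = header[0];

            // The HMAC must be computed over the exact bytes GitHub sent, not over a
            // re-serialized model. NOTE(review): this assumes the body is still readable
            // here after `hook` was bound from it — confirm the request body is buffered.
            var readBody = await Request.ReadBodyAsync();
            var rawPayload = readBody.Buffer.ToArray();

            // HMACSHA256 is IDisposable; dispose it instead of leaking the instance.
            byte[] mac;
            using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(hook.Secret)))
            {
                mac = hmac.ComputeHash(rawPayload);
            }

            // GitHub sends the digest as lowercase hex prefixed with "sha256=".
            var neededSignature = "sha256=" + Convert.ToHexString(mac).ToLowerInvariant();

            if (!SecurityHelpers.SlowEquals(neededSignature, actualSignature))
            {
                // Only the client-supplied value is logged. The computed value is a valid
                // signature for this exact body, so writing it to the log would hand a
                // replayable signature to anyone who can read the log.
                logger.LogWarning(
                    "Github webhook signature ({ActualSignature}) didn't match expected value",
                    actualSignature);
                throw new HttpResponseException()
                      {
                          Status = StatusCodes.Status403Forbidden,
                          Value  = new BasicJSONErrorResult("Invalid signature",
                                                            "Payload signature does not match expected value").ToString()
                      };
            }

            return Encoding.UTF8.GetString(rawPayload);
        }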
 /// <summary>
 /// Accepts a GitHub webhook payload and hands it to the singleton <c>GithubService</c>.
 /// </summary>
 /// <param name="value">The webhook payload deserialized from the request body.</param>
 /// <returns>An empty 200 OK response.</returns>
 public IActionResult Post([FromBody] GithubWebhook value)
 {
     // NOTE(review): nothing in this action verifies the webhook signature before the
     // payload is forwarded — confirm that check is applied elsewhere (filter/middleware).
     var service = GithubService.Instance;
     service.PassGithubWebhook(value);
     return Ok();
 }