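/// <summary>
/// Checks the <c>X-Hub-Signature-256</c> header of the current request against an HMAC-SHA256 of the
/// raw request body keyed with the webhook's secret, and returns the body decoded as UTF-8.
/// </summary>
/// <param name="hook">Webhook whose <c>Secret</c> (UTF-8 encoded) is used as the HMAC key.</param>
/// <returns>The raw request body decoded as UTF-8, returned only after the signature matched.</returns>
/// <exception cref="HttpResponseException">
/// Thrown when the header is absent or has more than one value (no explicit status is set on that
/// response), or with <see cref="StatusCodes.Status403Forbidden"/> when the signature does not match.
/// </exception>
private async Task<string> CheckSignature(GithubWebhook hook)
{
    // Exactly one header value is accepted so there is a single, unambiguous value to compare.
    if (!HttpContext.Request.Headers.TryGetValue("X-Hub-Signature-256", out StringValues header) ||
        header.Count != 1)
    {
        throw new HttpResponseException()
        {
            Value = new BasicJSONErrorResult("Invalid request", "Missing X-Hub-Signature-256 header").ToString()
        };
    }

    var actualSignature = header[0];

    // The MAC is computed over the exact bytes received; the same bytes are what gets returned, so
    // the caller parses precisely what was authenticated.
    var readBody = await Request.ReadBodyAsync();
    var rawPayload = readBody.Buffer.ToArray();

    // HMACSHA256 is IDisposable and holds key material; dispose it as soon as the hash is computed.
    using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(hook.Secret));
    var neededSignature = "sha256=" + Convert.ToHexString(hmac.ComputeHash(rawPayload)).ToLowerInvariant();

    // NOTE(review): SlowEquals is presumably a constant-time comparison; confirm in SecurityHelpers.
    if (!SecurityHelpers.SlowEquals(neededSignature, actualSignature))
    {
        // Only the received value is logged. The expected value is a valid MAC for this payload under
        // the webhook secret, so writing it to logs would hand a usable signature to any log reader.
        logger.LogWarning(
            "Github webhook signature ({ActualSignature}) didn't match expected value",
            actualSignature);

        throw new HttpResponseException()
        {
            Status = StatusCodes.Status403Forbidden,
            Value = new BasicJSONErrorResult("Invalid signature",
                "Payload signature does not match expected value").ToString()
        };
    }

    return Encoding.UTF8.GetString(rawPayload);
}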
/// <summary>
/// Accepts a model-bound GitHub webhook body, hands it to <c>GithubService</c>, and replies 200 OK.
/// </summary>
/// <param name="value">Webhook payload bound from the request body.</param>
/// <returns>An OK result once the payload has been passed on.</returns>
public IActionResult Post([FromBody] GithubWebhook value)
{
    // NOTE(review): nothing in this method checks X-Hub-Signature-256 before the payload is
    // forwarded; confirm the signature is verified elsewhere (filter/middleware) for this route.
    var githubService = GithubService.Instance;
    githubService.PassGithubWebhook(value);

    return Ok();
}