-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: migration assistant - OAuth App <> GitHub Apps #1024
Conversation
app.all('/github/webhooks', async (req, res) => { | ||
const signature = req.get('X-Hub-Signature') | ||
if (!(await verifyWebhookSignature( | ||
config.server.github.app.webhookSecret, | ||
JSON.stringify(req.body), | ||
signature | ||
))) { | ||
return res.status(401).send('Cannot verify webhook signature') | ||
} | ||
const event = req.get('X-GitHub-Event') | ||
const hook = webhooks[event] | ||
if (!hook) { | ||
return res.status(400).send('Unsupported event') | ||
} | ||
if (!hook.accepts(req)) { | ||
return res.status(204).send('This webhook performed no action') | ||
} | ||
if (isRudundantWebhook(req)) { | ||
console.log(`Skip redundant webhook for the PR ${req.args.pull_request.html_url} on PR action "${req.args.action}"`) | ||
return res.status(202).send('This seems to be a redundant webhook. Probably there are two webhooks registered: org- and repo-webhook') | ||
} | ||
return hook.handle(req, res) | ||
}) |
Check failure
Code scanning / CodeQL
Missing rate limiting High
authorization
req.session.next = null | ||
logger.debug('Finish processing authentication callback after passport authenticate') | ||
} | ||
githubCallbackPost |
Check failure
Code scanning / CodeQL
Missing rate limiting High
authorization
passport.authenticate('github-app-auth', { | ||
failureRedirect: '/failure?failure=app-auth' | ||
}), | ||
githubCallbackPost |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Pull Request Work in Progress.