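defmodule Comment.Github.VerifyRequest do
  @moduledoc """
  Plug that authenticates GitHub webhook requests.

  For every request whose path is listed under the `:paths` option, the
  `x-hub-signature` header is checked against a signature computed over the raw
  request body with the configured `:github_secret_key`. Requests on any other
  path pass through untouched.

  The raw body is read from `conn.assigns.raw_body`, so an earlier step in the
  pipeline has to store it there before this plug runs.
  """

  @behaviour Plug

  import Plug.Conn, only: [get_req_header: 2]

  alias Comment.Crypto
  alias Comment.{HTTPBadRequest, HTTPNotAuthorized}

  @doc """
  Returns the plug options unchanged.
  """
  @impl true
  def init(options), do: options

  @doc """
  Verifies the request signature when the request path is in `opts[:paths]`.

  Returns `conn` unchanged. Raises `Comment.HTTPBadRequest` when the signature
  header is missing, repeated or malformed, and `Comment.HTTPNotAuthorized`
  when the signature does not match the request body.
  """
  @impl true
  def call(%Plug.Conn{request_path: path} = conn, opts) do
    if path in opts[:paths], do: verify_request!(conn, opts)
    conn
  end

  # Requires exactly one signature header; zero or several values are rejected
  # so that there is never a choice about which value gets verified.
  #
  # NOTE(review): the algorithm is whatever Crypto.calculate_signature/2
  # implements (not visible here). GitHub also sends `x-hub-signature-256`
  # (HMAC-SHA256); consider verifying that header instead of the SHA-1 one.
  defp verify_request!(%Plug.Conn{} = conn, _opts) do
    case get_req_header(conn, "x-hub-signature") do
      [signature] -> verify_signature!(conn, signature)
      _ -> raise(HTTPBadRequest)
    end
  end

  # Compares the digest carried in the header with the one computed locally.
  defp verify_signature!(conn, signature) do
    # Header format is "<type>=<digest>"; the type prefix is not inspected.
    digest =
      case String.split(signature, "=") do
        [_type, digest] -> digest
        _ -> raise(HTTPBadRequest)
      end

    # A missing :raw_body assign is a pipeline misconfiguration: let it crash.
    %Plug.Conn{assigns: %{raw_body: body}} = conn

    expected_digest = Crypto.calculate_signature(secret_key!(), body)

    # The expected digest must never appear in the exception or in logs:
    # whoever can read the error would obtain a valid signature for the body
    # they just sent. Reject with the dedicated 401-style exception instead.
    # Assumes HTTPNotAuthorized can be raised without arguments, like
    # HTTPBadRequest above. TODO confirm against its definition.
    if not digests_match?(expected_digest, digest), do: raise(HTTPNotAuthorized)

    :ok
  end

  # Constant-time comparison, so response timing does not reveal how many
  # leading bytes of a guessed signature were correct. Non-binary values
  # simply do not match.
  defp digests_match?(expected, received) when is_binary(expected) and is_binary(received) do
    Plug.Crypto.secure_compare(expected, received)
  end

  defp digests_match?(_expected, _received), do: false

  # Read at runtime so the secret is not frozen into the compiled module.
  defp secret_key! do
    Application.fetch_env!(:comment, :github_secret_key)
  end
end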