xiaxinhang/pr-agent
1
0
Fork 0
mirror of https://github.com/qodo-ai/pr-agent.git synced 2025-07-05 13:20:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed webhook security concern

Browse Source
This commit is contained in:
Pinyoo Thotaboot
2025-05-22 15:03:15 +07:00
parent 000f0ba93e
commit 0f893bc492
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pr_agent/servers/gitea_app.py
View File

@ -47,6 +47,10 @@ async def get_body(request: Request):
if webhook_secret: if webhook_secret:
body_bytes = await request.body() body_bytes = await request.body()
signature_header = request.headers.get('x-gitea-signature', None) signature_header = request.headers.get('x-gitea-signature', None)
if not signature_header:
get_logger().error("Missing signature header")
raise HTTPException(status_code=400, detail="Missing signature header")
verify_signature(body_bytes, webhook_secret, f"sha256={signature_header}") verify_signature(body_bytes, webhook_secret, f"sha256={signature_header}")
return body return body