diff --git a/prod.env b/prod.env
index 4140d91..0cc413c 100644
--- a/prod.env
+++ b/prod.env
@@ -2,4 +2,6 @@ LOG_TOKEN="op://Environment Variables - Naomi/Alert Server/api_auth"
 BOT_TOKEN="op://Environment Variables - Naomi/Amari/bot token"
 GH_CLIENT_ID="op://Environment Variables - Naomi/Amari/gh client id"
 GH_CLIENT_SECRET="op://Environment Variables - Naomi/Amari/gh client secret"
-GH_PRIVATE_KEY="op://Environment Variables - Naomi/Amari/gh private key"
\ No newline at end of file
+GH_PRIVATE_KEY="op://Environment Variables - Naomi/Amari/gh private key"
+GH_WEBHOOK_SECRET="op://Environment Variables - Naomi/Amari/gh webhook secret"
+BASEROW_SECRET="op://Environment Variables - Naomi/Amari/baserow hook auth"
\ No newline at end of file
diff --git a/src/modules/processGitHubEvent.ts b/src/modules/processGitHubEvent.ts
index d53bcdd..bfcde37 100644
--- a/src/modules/processGitHubEvent.ts
+++ b/src/modules/processGitHubEvent.ts
@@ -25,13 +25,23 @@ const isPull = (body: GithubPayload): body is PullRequestCreated => {
 * @param request - The Fastify request payload.
 * @param response - The Fastify reply class.
 */
-// eslint-disable-next-line max-statements -- STFU.
+// eslint-disable-next-line max-statements, max-lines-per-function -- STFU.
 export const processGithubEvent = async(
 amari: Amari,
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
- request: FastifyRequest<{ Body: GithubPayload }>,
+ request: FastifyRequest<{
+ // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
+ Body: GithubPayload;
+ // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
+ Querystring: { secret: string };
+ }>,
 response: FastifyReply,
 ): Promise => {
+ const { secret } = request.query;
+ if (secret !== process.env.GH_WEBHOOK_SECRET) {
+ await response.status(403).send({
+ message: "Invalid secret provided!",
+ });
+ }
 const event = request.headers["x-github-event"];
 if (typeof event !== "string") {
 await response.status(400).
diff --git a/src/server/serve.ts b/src/server/serve.ts
index 403b0dc..ebbf62f 100644
--- a/src/server/serve.ts
+++ b/src/server/serve.ts
@@ -57,6 +57,7 @@ const html = `
 * Starts up a web server for health monitoring.
 * @param amari - Amari's instance.
 */
+// eslint-disable-next-line max-lines-per-function -- STFU.
 export const instantiateServer = (amari: Amari): void => {
 try {
 const server = fastify({
@@ -68,18 +69,21 @@ export const instantiateServer = (amari: Amari): void => { response.send(html); }); - server. + server.post<{ + // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard. + Body: GithubPayload; // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard. - post<{ Body: GithubPayload }>("/github", async(request, response) => { - try { - await processGithubEvent(amari, request, response); - } catch (error) { - if (!(error instanceof Error)) { - return; - } - await logger.error("/github route", error); + Querystring: { secret: string }; + }>("/github", async(request, response) => { + try { + await processGithubEvent(amari, request, response); + } catch (error) { + if (!(error instanceof Error)) { + return; } - }); + await logger.error("/github route", error); + } + }); server. // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
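Review bot: The `Querystring: { secret: string }` generic on the `/github` route is compile-time only, and no `schema` is passed to `server.post`, so at runtime `request.query.secret` can be absent or, for a repeated parameter, possibly not a string at all. Passing route options such as `{ schema: { querystring: { type: "object", required: ["secret"], properties: { secret: { type: "string" } } } } }` would have Fastify reject malformed requests before the handler runs. Separately, the `catch` block logs the error but never replies, so a throw inside `processGithubEvent` appears to leave the webhook delivery without a response. The surrounding `instantiateServer` body extends beyond this hunk.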