feat: protect github route with secret too

src/modules/processGitHubEvent.ts

@@ -25,13 +25,23 @@ const isPull = (body: GithubPayload): body is PullRequestCreated => {
  * @param request - The Fastify request payload.
  * @param response - The Fastify reply class.
  */
-// eslint-disable-next-line max-statements -- STFU.
+// eslint-disable-next-line max-statements, max-lines-per-function -- STFU.
 export const processGithubEvent = async(
   amari: Amari,
-  // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
-  request: FastifyRequest<{ Body: GithubPayload }>,
+  request: FastifyRequest<{
+    // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
+    Body:        GithubPayload;
+    // eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify standard.
+    Querystring: { secret: string };
+  }>,
   response: FastifyReply,
 ): Promise<void> => {
+  const { secret } = request.query;
+  if (secret !== process.env.GH_WEBHOOK_SECRET) {
+    await response.status(403).send({
+      message: "Invalid secret provided!",
+    });
+  }
   const event = request.headers["x-github-event"];
   if (typeof event !== "string") {
     await response.status(400).