revert unrelated drive-by changes

ahrefs · Dec 23, 2020 · fff93a7 · fff93a7
1 parent 2205a98
commit fff93a7
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 22 deletions.
diff --git a/lib/action.ml b/lib/action.ml
@@ -19,7 +19,7 @@ module Action (Github_api : Api.Github) (Slack_api : Api.Slack) = struct
     |> List.filter ~f:(fun c -> c.distinct)
     |> List.filter ~f:(fun c ->
          let branch = Github.commits_branch_of_ref n.ref in
-         let skip = Github.is_main_merge_message ~msg:c.message ?main_branch:cfg.main_branch_name ~branch in
+         let skip = Github.is_main_merge_message ~msg:c.message ~branch cfg in
          if skip then log#info "main branch merge, ignoring %s: %s" c.id (first_line c.message);
          not skip)
     |> List.concat_map ~f:(fun commit ->
@@ -217,7 +217,7 @@ module Action (Github_api : Api.Github) (Slack_api : Api.Slack) = struct
   let process_github_notification (ctx : Context.t) headers body =
     try%lwt
       let secrets = Context.get_secrets_exn ctx in
-      match Github.parse_exn ?hook_token:secrets.gh_hook_token headers body with
+      match Github.parse_exn ~secret:secrets.gh_hook_token headers body with
       | exception exn -> Exn_lwt.fail ~exn "failed to parse payload"
       | payload ->
         ( match%lwt refresh_config_of_context ctx payload with

diff --git a/lib/github.ml b/lib/github.ml
@@ -1,7 +1,6 @@
 open Base
-open Printf
-open Common
 open Devkit
+open Printf
 open Github_j
 
 type t =
@@ -37,42 +36,44 @@ let event_of_filename filename =
   | [ kind; _; "json" ] -> Some kind
   | _ -> None
 
-let is_main_merge_message ~msg:message ?main_branch ~branch =
-  match main_branch with
+let is_main_merge_message ~msg:message ~branch (cfg : Config_t.config) =
+  match cfg.main_branch_name with
   | Some main_branch when String.equal branch main_branch ->
     (*
       handle "Merge <main branch> into <feature branch>" commits when they are merged into main branch
       we should have already seen these commits on the feature branch but for some reason they are distinct:true
     *)
     let prefix = sprintf "Merge branch '%s' into " main_branch in
     let prefix2 = sprintf "Merge remote-tracking branch 'origin/%s' into " main_branch in
-    let title = first_line message in
+    let title = Common.first_line message in
     String.is_prefix title ~prefix || String.is_prefix title ~prefix:prefix2
   | Some main_branch ->
     let expect = sprintf "Merge branch '%s' into %s" main_branch branch in
     let expect2 = sprintf "Merge remote-tracking branch 'origin/%s' into %s" main_branch branch in
-    let title = first_line message in
+    let title = Common.first_line message in
     String.equal title expect || String.equal title expect2
   | _ -> false
 
 let modified_files_of_commit commit = List.concat [ commit.added; commit.removed; commit.modified ]
 
-let has_valid_signature ~hook_token ~headers ~body =
-  match List.Assoc.find headers "x-hub-signature" ~equal:String.equal with
-  | None -> Exn.fail "unable to find header x-hub-signature"
-  | Some signature ->
-    let key = Cstruct.of_string hook_token in
-    let request_hash = Cstruct.to_string @@ Nocrypto.Hash.SHA1.hmac ~key (Cstruct.of_string body) in
-    let (`Hex request_hash) = Hex.of_string request_hash in
-    String.equal signature (sprintf "sha1=%s" request_hash)
+let is_valid_signature ~secret headers_sig body =
+  let request_hash =
+    let key = Cstruct.of_string secret in
+    Cstruct.to_string @@ Nocrypto.Hash.SHA1.hmac ~key (Cstruct.of_string body)
+  in
+  let (`Hex request_hash) = Hex.of_string request_hash in
+  String.equal headers_sig (sprintf "sha1=%s" request_hash)
 
 (* Parse a payload. The type of the payload is detected from the headers. *)
-let parse_exn ?hook_token headers body =
-  match
-    Option.value_map hook_token ~default:true ~f:(fun hook_token -> has_valid_signature ~hook_token ~headers ~body)
-  with
-  | false -> failwith "request signature invalid"
-  | true ->
+let parse_exn ~secret headers body =
+  begin
+    match secret with
+    | None -> ()
+    | Some secret ->
+    match List.Assoc.find headers "x-hub-signature" ~equal:String.equal with
+    | None -> Exn.fail "unable to find header x-hub-signature"
+    | Some req_sig -> if not @@ is_valid_signature ~secret req_sig body then failwith "request signature invalid"
+  end;
   match List.Assoc.find_exn headers "x-github-event" ~equal:String.equal with
   | exception exn -> Exn.fail ~exn "unable to read x-github-event"
   | "push" -> Push (commit_pushed_notification_of_string body)