Merge pull request #54 from primait/payload-signature

Payload signature
2026-06-04 18:24:05 +08:00 · 2020-06-29 09:19:27 +02:00
parent b06afe33fc bff3a91abd
commit 25de318efb
2 changed files with 48 additions and 20 deletions
@@ -70,6 +70,17 @@ func main() {
 			Usage:  "skip ssl verification",
 			EnvVar: "PLUGIN_SKIP_VERIFY",
 		},
+		cli.StringFlag{
+			Name:   "signature-header",
+			Usage:  "header name to use in request",
+			EnvVar: "PLUGIN_SIGNATURE_HEADER,WEBHOOK_SIGNATURE_HEADER",
+			Value:  "X-Drone-Signature",
+		},
+		cli.StringFlag{
+			Name:   "signature-secret",
+			Usage:  "secret to generate signature",
+			EnvVar: "PLUGIN_SIGNATURE_SECRET,WEBHOOK_SIGNATURE_SECRET",
+		},
 		cli.StringFlag{
 			Name:   "repo.owner",
 			Usage:  "repository owner",
@@ -186,16 +197,18 @@ func run(c *cli.Context) error {
 			Started: c.Int64("job.started"),
 		},
 		Config: Config{
-			Method:      c.String("method"),
-			Username:    c.String("username"),
-			Password:    c.String("password"),
-			ContentType: c.String("content-type"),
-			Template:    c.String("template"),
-			Headers:     c.StringSlice("headers"),
-			URLs:        c.StringSlice("urls"),
-			ValidCodes:  c.IntSlice("valid-response-codes"),
-			Debug:       c.Bool("debug"),
-			SkipVerify:  c.Bool("skip-verify"),
+			Method:          c.String("method"),
+			Username:        c.String("username"),
+			Password:        c.String("password"),
+			ContentType:     c.String("content-type"),
+			Template:        c.String("template"),
+			Headers:         c.StringSlice("headers"),
+			URLs:            c.StringSlice("urls"),
+			ValidCodes:      c.IntSlice("valid-response-codes"),
+			Debug:           c.Bool("debug"),
+			SkipVerify:      c.Bool("skip-verify"),
+			SignatureHeader: c.String("signature_header"),
+			SignatureSecret: c.String("signature_secret"),
 		},
 	}

@@ -2,7 +2,10 @@ package main

 import (
 	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
 	"crypto/tls"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -37,16 +40,18 @@ type (
 	}

 	Config struct {
-		Method      string
-		Username    string
-		Password    string
-		ContentType string
-		Template    string
-		Headers     []string
-		URLs        []string
-		ValidCodes  []int
-		Debug       bool
-		SkipVerify  bool
+		Method          string
+		Username        string
+		Password        string
+		ContentType     string
+		Template        string
+		Headers         []string
+		URLs            []string
+		ValidCodes      []int
+		Debug           bool
+		SkipVerify      bool
+		SignatureHeader string
+		SignatureSecret string
 	}

 	Job struct {
@@ -117,6 +122,16 @@ func (p Plugin) Exec() error {

 		req.Header.Set("Content-Type", p.Config.ContentType)

+		if p.Config.SignatureSecret != "" {
+			// generate signature with secret and body
+			h := hmac.New(sha256.New, []byte(p.Config.SignatureSecret))
+			h.Write(b)
+			sha := hex.EncodeToString(h.Sum(nil))
+
+			// append signature to headers
+			req.Header.Set(p.Config.SignatureHeader, fmt.Sprintf("sha256=%s", sha))
+		}
+
 		for _, value := range p.Config.Headers {
 			header := strings.Split(value, "=")
 			req.Header.Set(header[0], header[1])