Example #1
0
//GithubMiddleware returns a Handler that authenticates via GitHub's Authorization for
//Webhooks scheme (https://developer.github.com/webhooks/securing/#validating-payloads-from-github)
//Writes a http.StatusUnauthorized if authentication fails
//
func GithubMiddleware(secret string) gin.HandlerFunc {

	// Set out header value for each response
	return func(ctx *gin.Context) {

		requestSignature := ctx.Request.Header.Get("X-Hub-Signature")

		body, err := ioutil.ReadAll(ctx.Request.Body)
		if err != nil {
			ctx.AbortWithStatus(http.StatusUnauthorized)
			return
		}

		ctx.Request.Body = ioutil.NopCloser(bytes.NewReader(body))

		mac := hmac.New(sha1.New, []byte(secret))
		mac.Reset()
		mac.Write(body)
		calculatedSignature := fmt.Sprintf("sha1=%x", mac.Sum(nil))

		if !util.SecureCompare(requestSignature, calculatedSignature) {
			ctx.AbortWithStatus(http.StatusUnauthorized)
		} else {
			ctx.Next()
		}

	}
}
Example #2
0
/*
TravisCI returns a Handler that authenticates via Travis's Authorization for
Webhooks scheme (http://docs.travis-ci.com/user/notifications/#Authorization-for-Webhooks)
Writes a http.StatusUnauthorized if authentication fails
*/
func TravisCIMiddleware(token string) gin.HandlerFunc {
	return func(ctx *gin.Context) {
		providedAuth := ctx.Request.Header.Get("Authorization")

		travisRepoSlug := ctx.Request.Header.Get("Travis-Repo-Slug")
		calculatedAuth := fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%s%s", travisRepoSlug, token))))

		if !util.SecureCompare(providedAuth, calculatedAuth) {
			ctx.AbortWithStatus(http.StatusUnauthorized)
		}

		ctx.Next()
	}
}
Example #3
0
func TestSize_SecureCompare_DifferentLength(t *testing.T) {
	r := util.SecureCompare("abc", "abcdef")
	if r {
		t.Fatalf("unexpected result:\n\nexp=%v\n\ngot=%v\n\n", false, r)
	}
}
Example #4
0
func TestSize_SecureCompare_Equal(t *testing.T) {
	r := util.SecureCompare("abc", "abc")
	if !r {
		t.Fatalf("unexpected result:\n\nexp=%v\n\ngot=%v\n\n", false, r)
	}
}