From 4db58a03c50ec505307ef4367e720e7199ab1dc9 Mon Sep 17 00:00:00 2001
From: oatakan
Date: Tue, 8 Jun 2021 17:50:42 -0500
Subject: [PATCH 1/3] Add X-Hub-Signature header to webhook deliveries

---
 internal/db/webhook.go | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/internal/db/webhook.go b/internal/db/webhook.go
index 457fa6cbfad..f13c2e98cbe 100644
--- a/internal/db/webhook.go
+++ b/internal/db/webhook.go
@@ -6,6 +6,7 @@ package db
 
 import (
 "crypto/hmac"
+ "crypto/sha1"
 "crypto/sha256"
 "crypto/tls"
 "encoding/hex"
@@ -437,6 +438,7 @@ type HookTask struct {
 Type HookTaskType
 URL string `xorm:"TEXT"`
 Signature string `xorm:"TEXT"`
+ SignatureGithub string `xorm:"TEXT"`
 api.Payloader `xorm:"-" json:"-"`
 PayloadContent string `xorm:"TEXT"`
 ContentType HookContentType
@@ -633,16 +635,28 @@ func prepareHookTasks(e Engine, repo *Repository, event HookEventType, p api.Pay
 signature = hex.EncodeToString(sig.Sum(nil))
 }
 
+ var signaturegithub string
+ if len(w.Secret) > 0 {
+ data, err := payloader.JSONPayload()
+ if err != nil {
+ log.Error("prepareWebhooks.JSONPayload: %v", err)
+ }
+ sig := hmac.New(sha1.New, []byte(w.Secret))
+ _, _ = sig.Write(data)
+ signaturegithub = "sha1=" + hex.EncodeToString(sig.Sum(nil))
+ }
+
 if err = createHookTask(e, &HookTask{
- RepoID: repo.ID,
- HookID: w.ID,
- Type: w.HookTaskType,
- URL: w.URL,
- Signature: signature,
- Payloader: payloader,
- ContentType: w.ContentType,
- EventType: event,
- IsSSL: w.IsSSL,
+ RepoID: repo.ID,
+ HookID: w.ID,
+ Type: w.HookTaskType,
+ URL: w.URL,
+ Signature: signature,
+ SignatureGithub: signaturegithub,
+ Payloader: payloader,
+ ContentType: w.ContentType,
+ EventType: event,
+ IsSSL: w.IsSSL,
 }); err != nil {
 return fmt.Errorf("createHookTask: %v", err)
 }
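Review bot: The new `SignatureGithub` field in HookTask has no comment, and it holds a different format from the neighbouring `Signature`: prepareHookTasks writes it with a prefix (`"sha1=" + hex...`), while `signature` is assigned bare hex. A field comment such as `// SignatureGithub is the "sha1="-prefixed HMAC-SHA1 of the JSON payload, sent as X-Hub-Signature.` would keep the two from being mixed up by later code that compares or re-emits them. The HookTask struct starts and ends outside the hunk.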
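Review bot: When `payloader.JSONPayload()` fails, the added block in prepareHookTasks logs the error and then still computes the HMAC over a nil `data`, so the task is stored with a `sha1=` value that cannot match the body that is eventually delivered; leave `signaturegithub` empty on that path, for example by moving the three HMAC lines into an `else` branch. The payload appears to be serialized already just above the hunk for `signature`, so reusing those bytes would avoid a second `JSONPayload()` call and guarantee that both MACs cover identical input. HMAC-SHA1 is the legacy GitHub scheme; if `signature` is the hex HMAC-SHA256 it looks like, also sending `"sha256=" + signature` as `X-Hub-Signature-256` would let receivers verify with the stronger digest. The local would read better as `signatureGitHub` to follow MixedCaps. prepareHookTasks begins and ends outside the hunk.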
@@ -694,6 +708,7 @@ func (t *HookTask) deliver() {
 req := httplib.Post(t.URL).SetTimeout(timeout, timeout).
 Header("X-Github-Delivery", t.UUID).
 Header("X-Github-Event", string(t.EventType)).
+ Header("X-Hub-Signature", t.SignatureGithub).
 Header("X-Gogs-Delivery", t.UUID).
 Header("X-Gogs-Signature", t.Signature).
 Header("X-Gogs-Event", string(t.EventType)).
From ae6cb4f6c7c6e9315b3727c6ff7c06fd996c06d2 Mon Sep 17 00:00:00 2001
From: oatakan
Date: Tue, 8 Jun 2021 19:50:18 -0500
Subject: [PATCH 2/3] use tab to fix lint issue

---
 internal/db/webhook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/db/webhook.go b/internal/db/webhook.go
index f13c2e98cbe..ee55ded5fc4 100644
--- a/internal/db/webhook.go
+++ b/internal/db/webhook.go
@@ -652,7 +652,7 @@ func prepareHookTasks(e Engine, repo *Repository, event HookEventType, p api.Pay
 Type: w.HookTaskType,
 URL: w.URL,
 Signature: signature,
- SignatureGithub: signaturegithub,
+ SignatureGithub: signaturegithub,
 Payloader: payloader,
 ContentType: w.ContentType,
 EventType: event,
From e636f6562f0b94704ad273ece79f5e3b0c78ecf6 Mon Sep 17 00:00:00 2001
From: oatakan
Date: Tue, 8 Jun 2021 20:40:11 -0500
Subject: [PATCH 3/3] apply gofmt to fix lint

---
 internal/db/webhook.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/internal/db/webhook.go b/internal/db/webhook.go
index ee55ded5fc4..451bc8fd1dd 100644
--- a/internal/db/webhook.go
+++ b/internal/db/webhook.go
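Review bot: In deliver(), `Header("X-Hub-Signature", t.SignatureGithub)` is set unconditionally, so a webhook without a secret goes out with an empty `X-Hub-Signature` header; a receiver can treat a present-but-empty header differently from an absent one, so the header is better added only when `t.SignatureGithub != ""`. The value is an HMAC of the JSON payload computed in prepareHookTasks, whereas GitHub-compatible receivers verify over the raw request body. If the form content type sends the payload URL-encoded (not visible in this hunk), the signature would not verify for those deliveries, which deserves a comment or a test. deliver() continues outside the hunk.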
@@ -647,16 +647,16 @@ func prepareHookTasks(e Engine, repo *Repository, event HookEventType, p api.Pay
 }
 
 if err = createHookTask(e, &HookTask{
- RepoID: repo.ID,
- HookID: w.ID,
- Type: w.HookTaskType,
- URL: w.URL,
- Signature: signature,
- SignatureGithub: signaturegithub,
- Payloader: payloader,
- ContentType: w.ContentType,
- EventType: event,
- IsSSL: w.IsSSL,
+ RepoID: repo.ID,
+ HookID: w.ID,
+ Type: w.HookTaskType,
+ URL: w.URL,
+ Signature: signature,
+ SignatureGithub: signaturegithub,
+ Payloader: payloader,
+ ContentType: w.ContentType,
+ EventType: event,
+ IsSSL: w.IsSSL,
 }); err != nil {
 return fmt.Errorf("createHookTask: %v", err)
 }
pFad - Phonifier reborn
