<?php
// Project bootstrap; presumably where GITHUB_SECRET gets defined (confirm in startup.php).
require_once '../../startup.php';

// Every response from this endpoint is a short plain-text status message.
header('Content-Type: text/plain; charset=utf-8');
/**
 * Ends the request with the given HTTP status and an optional plain-text body.
 *
 * @param int    $code HTTP status code handed to http_response_code().
 * @param string $msg  Text written to the response before the script stops; empty by default.
 */
function die_gh(int $code, string $msg = ''): void {
    http_response_code($code);
    // exit() with a string argument prints that string, then terminates the script.
    exit($msg);
}
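// Refuse to run without a configured shared secret: an HMAC keyed with an
// empty value authenticates nothing.
if(!defined('GITHUB_SECRET') || empty(GITHUB_SECRET))
    die_gh(500, 'no token defined');

// The signature covers the exact bytes that were sent, so verify against the
// raw request body rather than anything PHP has already parsed.
$rawBody = file_get_contents('php://input');

if(empty($rawBody))
    die_gh(404, 'no data');

// Prefer the SHA-256 signature header when the sender supplies it and fall
// back to the legacy SHA-1 header otherwise. A missing header becomes an empty
// string, so the request is rejected below instead of raising an
// undefined-index warning into the response.
if(isset($_SERVER['HTTP_X_HUB_SIGNATURE_256'])) {
    $sigAlgo = 'sha256';
    $sigHeader = $_SERVER['HTTP_X_HUB_SIGNATURE_256'];
} else {
    $sigAlgo = 'sha1';
    $sigHeader = $_SERVER['HTTP_X_HUB_SIGNATURE'] ?? '';
}

// Header format is "<algo>=<hex digest>".
$sig = explode('=', $sigHeader, 2);

// The algorithm passed to hash_hmac() is pinned by the code, never taken from
// the request, and hash_equals() compares the digests in constant time.
if(count($sig) !== 2 || $sig[0] !== $sigAlgo || !hash_equals(hash_hmac($sigAlgo, $rawBody, GITHUB_SECRET), $sig[1]))
    die_gh(403, 'invalid signature');

// Form-encoded deliveries carry the JSON document in the "payload" field.
// NOTE(review): this relies on $_POST having been parsed from the same bytes
// that were just verified; confirm for the deployed PHP configuration.
$contentType = $_SERVER['CONTENT_TYPE'] ?? '';
$body = json_decode($contentType === 'application/x-www-form-urlencoded' ? ($_POST['payload'] ?? '') : $rawBody);

// Reject an authenticated but undecodable payload explicitly rather than
// carrying a null $body forward.
if(json_last_error() !== JSON_ERROR_NONE)
    die_gh(400, 'invalid payload');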