package main
import (
"crypto/hmac"
"crypto/sha1"
"encoding/hex"
"fmt"
"net/http"
)
// checkAuthentication verifies the X-Hub-Signature header of r against body
// using secret as the HMAC key. It returns nil when the signature is valid and
// an *ErrorResponse describing the rejection otherwise:
//
//   - 401 when the header is absent or empty,
//   - 500 when hasSecret reports an error,
//   - 403 when the signature does not match.
//
// body must be the exact bytes of the request payload; the MAC is computed over
// them as given.
//
// NOTE(review): secret is used as-is. If it can ever be the empty string, the
// MAC is keyed with an empty key and offers no authentication; confirm that
// callers reject an unset secret before calling this function.
func checkAuthentication(body []byte, r *http.Request, secret string) *ErrorResponse {
	header := r.Header.Get("X-Hub-Signature")
	if header == "" {
		return &ErrorResponse{nil, http.StatusUnauthorized, "Please provide a X-Hub-Signature"}
	}

	valid, verifyErr := hasSecret(body, header, secret)
	switch {
	case verifyErr != nil:
		// NOTE(review): if hasSecret can fail on client-supplied input, a 4xx
		// status would describe the failure more accurately than a 500; confirm.
		return &ErrorResponse{verifyErr, http.StatusInternalServerError, "Failed to check the signature"}
	case !valid:
		return &ErrorResponse{nil, http.StatusForbidden, "Bad X-Hub-Signature"}
	}
	return nil
}
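// hasSecret reports whether signature is a valid HMAC-SHA1 of message under
// key.
//
// signature is expected in the form "sha1=<hex digest>", as carried in the
// X-Hub-Signature header. That value is supplied by the client, so a value
// that does not parse or is not valid hex is treated as a failed verification
// (false, nil) rather than as an error. The error result is kept so the
// signature stays compatible with existing callers; it is always nil.
//
// NOTE(review): HMAC-SHA1 is the legacy scheme for this header. If the sender
// also provides X-Hub-Signature-256 (GitHub webhooks do), verifying that
// header with SHA-256 is preferable.
func hasSecret(message []byte, signature, key string) (bool, error) {
	var macHex string
	if n, err := fmt.Sscanf(signature, "sha1=%s", &macHex); err != nil || n != 1 {
		// Missing "sha1=" prefix or empty digest: cannot be a valid signature.
		return false, nil
	}
	gotMAC, err := hex.DecodeString(macHex)
	if err != nil {
		// Malformed hex is bad client input, not a server-side failure.
		return false, nil
	}

	mac := hmac.New(sha1.New, []byte(key))
	mac.Write(message) // hash.Hash.Write never returns an error
	wantMAC := mac.Sum(nil)

	// hmac.Equal compares without leaking timing information about the
	// expected MAC; do not replace it with bytes.Equal or ==.
	return hmac.Equal(gotMAC, wantMAC), nil
}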