Switch from govendor to go modules. (#587)

Thanks to @BenoitKnecht for leading the way on this.
2024-05-11 05:55:12 +00:00 · 2020-01-18 14:40:28 -05:00
parent 31188c3a70
commit 16d0043cce
1554 changed files with 400867 additions and 98222 deletions
--- a/vendor/github.com/google/go-github/github/messages.go
+++ b/vendor/github.com/google/go-github/github/messages.go
@@ -20,6 +20,7 @@ import (
 	"hash"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"strings"
 )

@@ -40,6 +41,8 @@ const (
 var (
 	// eventTypeMapping maps webhooks types to their corresponding go-github struct types.
 	eventTypeMapping = map[string]string{
+		"check_run":                   "CheckRunEvent",
+		"check_suite":                 "CheckSuiteEvent",
 		"commit_comment":              "CommitCommentEvent",
 		"create":                      "CreateEvent",
 		"delete":                      "DeleteEvent",
@@ -52,6 +55,7 @@ var (
 		"issue_comment":               "IssueCommentEvent",
 		"issues":                      "IssuesEvent",
 		"label":                       "LabelEvent",
+		"marketplace_purchase":        "MarketplacePurchaseEvent",
 		"member":                      "MemberEvent",
 		"membership":                  "MembershipEvent",
 		"milestone":                   "MilestoneEvent",
@@ -122,6 +126,8 @@ func messageMAC(signature string) ([]byte, func() hash.Hash, error) {

 // ValidatePayload validates an incoming GitHub Webhook event request
 // and returns the (JSON) payload.
+// The Content-Type header of the payload can be "application/json" or "application/x-www-form-urlencoded".
+// If the Content-Type is neither then an error is returned.
 // secretKey is the GitHub Webhook secret message.
 //
 // Example usage:
@@ -133,13 +139,43 @@ func messageMAC(signature string) ([]byte, func() hash.Hash, error) {
 //     }
 //
 func ValidatePayload(r *http.Request, secretKey []byte) (payload []byte, err error) {
-	payload, err = ioutil.ReadAll(r.Body)
-	if err != nil {
-		return nil, err
+	var body []byte // Raw body that GitHub uses to calculate the signature.
+
+	switch ct := r.Header.Get("Content-Type"); ct {
+	case "application/json":
+		var err error
+		if body, err = ioutil.ReadAll(r.Body); err != nil {
+			return nil, err
+		}
+
+		// If the content type is application/json,
+		// the JSON payload is just the original body.
+		payload = body
+
+	case "application/x-www-form-urlencoded":
+		// payloadFormParam is the name of the form parameter that the JSON payload
+		// will be in if a webhook has its content type set to application/x-www-form-urlencoded.
+		const payloadFormParam = "payload"
+
+		var err error
+		if body, err = ioutil.ReadAll(r.Body); err != nil {
+			return nil, err
+		}
+
+		// If the content type is application/x-www-form-urlencoded,
+		// the JSON payload will be under the "payload" form param.
+		form, err := url.ParseQuery(string(body))
+		if err != nil {
+			return nil, err
+		}
+		payload = []byte(form.Get(payloadFormParam))
+
+	default:
+		return nil, fmt.Errorf("Webhook request has unsupported Content-Type %q", ct)
 	}

 	sig := r.Header.Get(signatureHeader)
-	if err := validateSignature(sig, payload, secretKey); err != nil {
+	if err := validateSignature(sig, body, secretKey); err != nil {
 		return nil, err
 	}
 	return payload, nil