( req: NextApiRequest, res: NextApiResponse, )
| 24 | } from "./[refreshToken]"; |
| 25 | |
| 26 | export default async function handler( |
| 27 | req: NextApiRequest, |
| 28 | res: NextApiResponse, |
| 29 | ) { |
| 30 | const signature = req.headers["x-hub-signature-256"]; |
| 31 | if (!signature) { |
| 32 | res.status(401).json({ message: "Missing signature header" }); |
| 33 | return; |
| 34 | } |
| 35 | |
| 36 | const githubBody = req.body; |
| 37 | |
| 38 | if (!githubBody?.installation?.id) { |
| 39 | res.status(400).json({ message: "Github Installation not found" }); |
| 40 | return; |
| 41 | } |
| 42 | |
| 43 | const githubResult = await db.query.github.findFirst({ |
| 44 | where: eq(github.githubInstallationId, githubBody.installation.id), |
| 45 | }); |
| 46 | |
| 47 | if (!githubResult) { |
| 48 | res.status(400).json({ message: "Github Installation not found" }); |
| 49 | return; |
| 50 | } |
| 51 | |
| 52 | if (!githubResult.githubWebhookSecret) { |
| 53 | res.status(400).json({ message: "Github Webhook Secret not set" }); |
| 54 | return; |
| 55 | } |
| 56 | const webhooks = new Webhooks({ |
| 57 | secret: githubResult.githubWebhookSecret, |
| 58 | }); |
| 59 | |
| 60 | const verified = await webhooks.verify( |
| 61 | JSON.stringify(githubBody), |
| 62 | signature as string, |
| 63 | ); |
| 64 | |
| 65 | if (!verified) { |
| 66 | res.status(401).json({ message: "Unauthorized" }); |
| 67 | return; |
| 68 | } |
| 69 | |
| 70 | if (req.headers["x-github-event"] === "ping") { |
| 71 | res.status(200).json({ message: "Ping received, webhook is active" }); |
| 72 | return; |
| 73 | } |
| 74 | |
| 75 | if ( |
| 76 | req.headers["x-github-event"] !== "push" && |
| 77 | req.headers["x-github-event"] !== "pull_request" |
| 78 | ) { |
| 79 | res |
| 80 | .status(400) |
| 81 | .json({ message: "We only accept push events or pull_request events" }); |
| 82 | return; |
| 83 | } |