Add debug logging to signature verification

Temporarily logs received vs expected signatures to diagnose
webhook secret mismatches.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-14 22:47:09 -05:00
parent 7f7ebc84d7
commit 3ee1d55584

10
app.py

@@ -11,7 +11,7 @@ import gitea_client
import processor import processor
logging.basicConfig( logging.basicConfig(
level=logging.INFO, level=logging.DEBUG,
format="%(asctime)s [%(levelname)s] %(name)s: %(message)s", format="%(asctime)s [%(levelname)s] %(name)s: %(message)s",
) )
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -25,11 +25,17 @@ def _verify_signature(payload: bytes, signature_header: str | None) -> bool:
Gitea sends X-Gitea-Signature as a raw hex digest (no scheme prefix). Gitea sends X-Gitea-Signature as a raw hex digest (no scheme prefix).
""" """
if not signature_header: if not signature_header:
logger.warning("Signature verification failed: no signature header received")
return False return False
expected = hmac.new( expected = hmac.new(
config.WEBHOOK_SECRET.encode(), payload, hashlib.sha256 config.WEBHOOK_SECRET.encode(), payload, hashlib.sha256
).hexdigest() ).hexdigest()
return hmac.compare_digest(expected, signature_header.strip()) logger.debug("Received signature: %s", signature_header.strip())
logger.debug("Expected signature: %s", expected)
match = hmac.compare_digest(expected, signature_header.strip())
if not match:
logger.warning("Signature mismatch — check WEBHOOK_SECRET matches the secret set in Gitea")
return match
def _handle_push(owner: str, repo: str, changed_files: list[str]) -> None: def _handle_push(owner: str, repo: str, changed_files: list[str]) -> None:
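Review bot: The added `logger.debug("Expected signature: %s", expected)` in `_verify_signature` writes the correct HMAC for whatever body was just received into the log. That digest is a valid authenticator for the body, so the log becomes as sensitive as the ability to sign with WEBHOOK_SECRET. The first hunk enables it unconditionally by hard-coding `level=logging.DEBUG` on the root logger, which also raises verbosity for every imported library, and nothing in the change makes the "temporary" logging expire. I would drop the expected-digest line and log only non-secret facts on mismatch, for example `logger.debug("Signature mismatch: received %d chars, expected %d", len(signature_header.strip()), len(expected))`. I would also keep `level=logging.INFO` as the default and make DEBUG an explicit opt-in read from configuration. The function's signature and the start of its docstring lie outside the hunk, so callers were not checked.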