From 61fbcabcf3e1e7c375cd89b03754d51950c5ab90 Mon Sep 17 00:00:00 2001
From: fean5959a <31990529+fean5959a@users.noreply.github.com>
Date: Mon, 16 Jul 2018 10:41:50 +0200
Subject: [PATCH 1/4] Update webhook.js

---
 lib/git/hooks/webhook.js | 83 +++++++++++++++++++++++++++-------------
 1 file changed, 56 insertions(+), 27 deletions(-)

diff --git a/lib/git/hooks/webhook.js b/lib/git/hooks/webhook.js
index bcdb29a..19b970a 100644
--- a/lib/git/hooks/webhook.js
+++ b/lib/git/hooks/webhook.js
@@ -7,6 +7,8 @@ var logger = require('../../logging.js');
 var Branch = require('../branch.js');
 var git_commands = require('../commands.js');
 
+var sha512 = require('sha512');
+
 // Create an object to map from host port to app.  Multiple hosts can be configured to listen
 // on the same port.
 var server_apps = {};
@@ -85,36 +87,39 @@ function create_webhook(config, repo, implementation) {
 
       /* istanbul ignore else */
       if (implementation.isValid(req)) {
-
-        logger.trace(util.inspect(req.body, {depth: 10}));
-
-        // Only pull changed branches
-        var changes = implementation.getHeadChanges(req);
-        if (changes.length === 0) {
-          logger.trace('No changes in a relevant branch. Checking and updating tags');
-          if (repo.repo_config.support_tags === true) {
-            repo.createNewTagsAsBranch(function(err, new_tags) {
-              if (err) return logger.error(err);
-            });
+        if(implementation.isToken(req, config)) {
+        
+          // Only pull changed branches
+          var changes = implementation.getHeadChanges(req);
+          if (changes.length === 0) {
+            logger.trace('No changes in a relevant branch. Checking and updating tags');
+            if (repo.repo_config.support_tags === true) {
+              repo.createNewTagsAsBranch(function(err, new_tags) {
+                if (err) return logger.error(err);
+              });
+            }
+            return res.send('ok');
           }
-          return res.send('ok');
-        }
 
-        for (var i=0; i<changes.length; ++i) {
-          var change = changes[i];
-          var to_hash = change.to_hash;
-          logger.info('Webhook noted change to branch %s of repo %s with commit id %s', change.branch, repo.name, change.to_hash);
-
-          // Update consul git branch
-          var branch = repo.branches[change.branch];
-          if (branch) {
-            branch.handleRefChange(change.to_hash, function(err) {
-              /* istanbul ignore next */
-              if (err) logger.error(err);
-
-              logger.debug('Updates in branch %s of repo %s complete', change.branch, repo.name);
-            });
+          for (var i=0; i<changes.length; ++i) {
+            var change = changes[i];
+            var to_hash = change.to_hash;
+            logger.info('Webhook noted change to branch %s of repo %s with commit id %s', change.branch, repo.name, change.to_hash);
+
+            // Update consul git branch
+            var branch = repo.branches[change.branch];
+            if (branch) {
+              branch.handleRefChange(change.to_hash, function(err) {
+                /* istanbul ignore next */
+                if (err) logger.error(err);
+
+                logger.debug('Updates in branch %s of repo %s complete', change.branch, repo.name);
+              });
+            }
           }
+        } else {
+          res.status(403);
+          return res.send('ko');
         }
       }
 
@@ -136,6 +141,10 @@ exports.github = {
     return req && req.body && req.body.ref && req.body.head_commit && req.body.head_commit.id;
   },
 
+  isToken: function(req, config) {
+    return true;
+  },
+
   getHeadChanges: function(req) {
     // Return a change to head, if any.
     if (req.body.ref.indexOf('refs/heads/') === 0) {
@@ -161,6 +170,10 @@ exports.stash = {
     return req && req.body && req.body.refChanges;
   },
 
+  isToken: function(req, config) {
+    return true;
+  },
+
   getHeadChanges: function(req) {
     var changes = [];
     for (var i=0; i<req.body.refChanges.length; ++i) {
@@ -201,6 +214,10 @@ exports.bitbucket = {
     return false;
   },
 
+  isToken: function(req, config) {
+    return true;
+  },
+
   getHeadChanges: function(req) {
     var changes = [];
     for (var i=0; i<req.body.commits.length; ++i) {
@@ -230,6 +247,18 @@ exports.gitlab = {
     return req && req.body && req.body.ref && req.body.after;
   },
 
+  isToken: function(req, config) {
+    if (config.token && req.get("X-Gitlab-Token") ) {
+      var tokenHash = sha512(config.token).toString('hex');
+      if(req.get("X-Gitlab-Token") == tokenHash) {
+        return true;
+      } else {
+        return false;
+      }
+    }
+    return true;
+  },
+
   getHeadChanges: function(req) {
     // Return a change to head, if any.
     if (req.body.ref.indexOf('refs/heads/') === 0) {

From f87c36b12f45de676ec64a1d38545b87be1fffc7 Mon Sep 17 00:00:00 2001
From: fean5959a <31990529+fean5959a@users.noreply.github.com>
Date: Mon, 16 Jul 2018 11:11:46 +0200
Subject: [PATCH 2/4] Update webhook.js

---
 lib/git/hooks/webhook.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/git/hooks/webhook.js b/lib/git/hooks/webhook.js
index 19b970a..88dd846 100644
--- a/lib/git/hooks/webhook.js
+++ b/lib/git/hooks/webhook.js
@@ -249,8 +249,8 @@ exports.gitlab = {
 
   isToken: function(req, config) {
     if (config.token && req.get("X-Gitlab-Token") ) {
-      var tokenHash = sha512(config.token).toString('hex');
-      if(req.get("X-Gitlab-Token") == tokenHash) {
+      var tokenHash = sha512(req.get("X-Gitlab-Token")).toString('hex');
+      if(tokenHash == config.token) {
         return true;
       } else {
         return false;

From 53ca884edd83ef8589762b2c5582d127fc25904b Mon Sep 17 00:00:00 2001
From: fean5959a <31990529+fean5959a@users.noreply.github.com>
Date: Mon, 16 Jul 2018 11:43:07 +0200
Subject: [PATCH 3/4] Update package.json

---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5feb215..811e2e9 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,8 @@
     "rimraf": "2.2.8",
     "underscore": "^1.8.0",
     "properties": "1.2.1",
-    "js-yaml": "^3.6.1"
+    "js-yaml": "^3.6.1",
+    "sha512": "^0.0.1"
   },
   "devDependencies": {
     "grunt": "^1.0.1",

From 3896b226e9c0a01275b03b181190c6a094a4cfad Mon Sep 17 00:00:00 2001
From: fean5959a <31990529+fean5959a@users.noreply.github.com>
Date: Tue, 21 Aug 2018 12:04:59 +0200
Subject: [PATCH 4/4] Update webhook.js

---
 lib/git/hooks/webhook.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/git/hooks/webhook.js b/lib/git/hooks/webhook.js
index 88dd846..48792c6 100644
--- a/lib/git/hooks/webhook.js
+++ b/lib/git/hooks/webhook.js
@@ -79,6 +79,7 @@ function init_express(config) {
 // object to perform Git or Stash-specific functions.
 function create_webhook(config, repo, implementation) {
   var app = init_express(config);
+  var messageSend = 'ok';
 
   // We don't care what method is used, so use them all.
   ['get','post','put','delete'].forEach(function(verb) {
@@ -98,7 +99,7 @@ function create_webhook(config, repo, implementation) {
                 if (err) return logger.error(err);
               });
             }
-            return res.send('ok');
+            return res.send(messageSend);
           }
 
           for (var i=0; i<changes.length; ++i) {
@@ -119,11 +120,11 @@ function create_webhook(config, repo, implementation) {
           }
         } else {
           res.status(403);
-          return res.send('ko');
+          messageSend = 'ko';
         }
       }
 
-      res.send('ok');
+      res.send(messageSend);
     });
   });