Disable verify signature when no SECRET env var

opensvc · Sep 13, 2021 · 5b13bd0 · 5b13bd0
1 parent 0e11344
commit 5b13bd0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 
 webhook job processor supporting github webhook for pull request, push.
 
+when SECRET env var is defined signature is verified
+
 bundled `runner_lib method: http_post`
 
 ## how to use

diff --git a/src/signature.py b/src/signature.py
@@ -1,12 +1,16 @@
 import hmac
+import logging
 import os
 import connexion
 
-secret = os.environ.get('SECRET', 'This is not a secret')
+secret = os.environ.get('SECRET')
 
 
 def verify(func):
     def wrapper(*argv, **kwargs):
+        if secret is None:
+            logging.info("signature verify skipped (undefined SECRET env var)")
+            return func(*argv, **kwargs)
         data = connexion.request.data
         _, request_digest = connexion.request.headers['X-Hub-Signature'].split('=')
         digest = hmac.new(secret.encode(), msg=data, digestmod='sha1').hexdigest()