@dxdeveloperexperience/hygie
Version:
Hygie is an easy-to-use Open-Source REST API allowing you to interact with GIT events. This NestJS API expose a set of customizable rules to automate your project's life cycle.
56 lines (49 loc) • 1.55 kB
text/typescript
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
HttpStatus,
} from '@nestjs/common';
import { Observable, of } from 'rxjs';
import { logger } from '../logger/logger.service';
()
export class WhiteListInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const CryptoJS = require('crypto-js');
const Compare = require('secure-compare');
const request = context.switchToHttp().getRequest();
const response = context.switchToHttp().getResponse();
const bodyRequest: any = request.body;
try {
let gitSignature: string;
if (typeof request.headers['x-hub-signature'] !== 'undefined') {
gitSignature = request.headers['x-hub-signature'];
} else if (
request.headers['x-gitlab-token'] === process.env.WEBHOOK_SECRET
) {
return next.handle();
} else {
response.status(HttpStatus.UNAUTHORIZED).send('Secret token required.');
return of([]);
}
const signature: string =
'sha1=' +
CryptoJS.HmacSHA1(
JSON.stringify(bodyRequest),
process.env.WEBHOOK_SECRET,
).toString();
if (Compare(signature, gitSignature)) {
return next.handle();
} else {
response.status(HttpStatus.UNAUTHORIZED).send('Beta access required.');
return of([]);
}
} catch (e) {
logger.error(e, {
location: 'WhiteListInterceptor',
});
return of([]);
}
}
}