gitea/services
Snowball_233 40dec17b5c
Fix Feishu webhook signature verification (#34788)
# Fix Feishu Webhook Signature Verification

This PR implements proper signature verification for Feishu (Lark)
webhooks according to the [official
documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot).

## Changes

- Implemented the `GenSign` function based on Feishu's official Go
sample code
- Modified the webhook request creation to include timestamp and
signature in the payload when a secret is configured
- Fixed the signature generation algorithm to properly use HMAC-SHA256
with the correct string format

## Implementation Details

The signature verification works as follows:
1. When a webhook secret is provided, a timestamp is generated
2. The signature string is created using `timestamp + "\n" + secret`
3. The HMAC-SHA256 algorithm is applied to an empty string using the
signature string as the key
4. The result is Base64 encoded to produce the final signature
5. Both timestamp and signature are added to the payload

According to Feishu's documentation, the timestamp must be within 1 hour
(3600 seconds) of the current time to be considered valid.

## Security Note

Feishu emphasizes the importance of keeping webhook URLs secure. Do not
disclose them on GitHub, blogs, or any public sites to prevent
unauthorized use.

## References

- [Feishu Custom Bot
Documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot)

---------

Co-authored-by: hiifong <i@hiif.ong>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-20 13:09:03 -07:00
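
The five steps listed under "Implementation Details" in the commit message above, as an added Go example (not the code from this PR, Gitea, or Feishu). It also goes one step further and sketches a receiver-side check using the 3600-second window the message cites. The names `genSign`, `verifySign`, `maxSkewSeconds` and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strconv"
)

const maxSkewSeconds = 3600 // validity window cited in the commit message

// genSign (hypothetical name): key = timestamp + "\n" + secret,
// HMAC-SHA256 over an empty message, Base64 of the digest.
func genSign(secret string, timestamp int64) string {
	key := strconv.FormatInt(timestamp, 10) + "\n" + secret
	mac := hmac.New(sha256.New, []byte(key))
	// Nothing is written to the MAC, so the request body is not covered:
	// the value proves knowledge of the secret at a given time, not integrity.
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// verifySign is a hypothetical receiver-side check: reject timestamps outside
// the window, then compare signatures in constant time.
func verifySign(secret string, timestamp int64, sign string, now int64) bool {
	skew := now - timestamp
	if skew < 0 {
		skew = -skew
	}
	if skew > maxSkewSeconds {
		return false
	}
	want := genSign(secret, timestamp)
	return subtle.ConstantTimeCompare([]byte(want), []byte(sign)) == 1
}

func main() {
	// Constructed sample values, not real credentials.
	const secret = "example-secret"
	ts := int64(1750000000)
	sign := genSign(secret, ts)
	fmt.Println("fresh:       ", verifySign(secret, ts, sign, ts+60))
	fmt.Println("stale:       ", verifySign(secret, ts, sign, ts+3601))
	fmt.Println("wrong secret:", verifySign("other-secret", ts, sign, ts+60))
}
```

Because the MAC input is empty, the same timestamp and signature pair is valid for any payload sent within the window, which is why the commit message's point about keeping the webhook URL private still applies when a secret is configured.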
..
actions Add workflow_run api + webhook (#33964) 2025-06-20 20:14:00 +08:00
agit Option to delay conflict checking of old pull requests until page view (#27779) 2025-04-24 19:26:57 +00:00
asymkey Improve instance wide ssh commit signing (#34341) 2025-06-11 10:32:55 +00:00
attachment Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
auth Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
automerge Option to delay conflict checking of old pull requests until page view (#27779) 2025-04-24 19:26:57 +00:00
context Add workflow_run api + webhook (#33964) 2025-06-20 20:14:00 +08:00
contexttest Add API endpoint to request contents of multiple files simultaniously (#34139) 2025-04-22 01:20:11 +08:00
convert Add workflow_run api + webhook (#33964) 2025-06-20 20:14:00 +08:00
cron Use default Git timeout when checking repo health (#33593) 2025-02-14 15:13:56 +00:00
doctor Remove unused param doer (#34545) 2025-06-18 03:12:16 +00:00
externalaccount Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
feed Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
forms Add workflow_run api + webhook (#33964) 2025-06-20 20:14:00 +08:00
git Fix GetUsersByEmails (#34643) 2025-06-07 18:30:36 +00:00
gitdiff Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-08 14:45:15 +00:00
issue Fix doctor deleting orphaned issues attachments (#34142) 2025-05-30 05:06:03 +00:00
lfs Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
mailer Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
markup Refactor Git Attribute & performance optimization (#34154) 2025-04-11 21:41:29 +08:00
migrations Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
mirror Only git operations should update last changed of a repository (#34388) 2025-05-11 19:18:46 +00:00
notify Add workflow_run api + webhook (#33964) 2025-06-20 20:14:00 +08:00
oauth2_provider Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
org Remove unused param doer (#34545) 2025-06-18 03:12:16 +00:00
packages Upgrade gopls to v0.19.0, add make fix (#34772) 2025-06-18 19:30:40 +00:00
projects Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
pull Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
release Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
repository Add ff_only parameter to POST /repos/{owner}/{repo}/merge-upstream (#34770) 2025-06-19 12:29:10 -07:00
secrets Added Description Field for Secrets and Variables (#33526) 2025-03-17 19:24:54 +00:00
task Fix bug when migrating repository (#34182) 2025-04-14 04:48:03 +00:00
uinotification Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
user Fix last admin check when syncing users (#34649) 2025-06-09 20:57:45 +00:00
versioned_migration Add global lock for migrations to make upgrade more safe with multiple replications (#33706) 2025-03-07 21:08:53 +00:00
webhook Fix Feishu webhook signature verification (#34788) 2025-06-20 13:09:03 -07:00
webtheme Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00
wiki Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00