feat(bot): add signature verification logging

- Added info-level logging to provide details about signature verification, including secret length and partial hashes for expected and received signatures.
- Helps in debugging signature mismatches without exposing full sensitive data.
Harald Hoyer 2026-02-03 16:23:14 +01:00
parent d5967cf392
commit 33937ab115


@ -61,17 +61,19 @@ def verify_signature(body: bytes, signature: str) -> bool:
if not BOT_SECRET: if not BOT_SECRET:
log.warning("No bot secret configured, skipping signature verification") log.warning("No bot secret configured, skipping signature verification")
return True return True
expected = hmac.new( expected = hmac.new(
BOT_SECRET.encode(), BOT_SECRET.encode(),
body, body,
hashlib.sha256 hashlib.sha256
).hexdigest() ).hexdigest()
# Nextcloud sends: sha256=<hex> # Nextcloud sends: sha256=<hex>
if signature.startswith("sha256="): if signature.startswith("sha256="):
signature = signature[7:] signature = signature[7:]
log.info(f"Signature verification: secret_len={len(BOT_SECRET)}, expected={expected[:16]}..., received={signature[:16]}...")
return hmac.compare_digest(expected, signature) return hmac.compare_digest(expected, signature)
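Review bot: The added `log.info` line writes the first 16 hex characters of `expected` (the valid HMAC for this body) and `len(BOT_SECRET)` to the log on every request, including requests that fail verification. Anyone with read access to info-level logs therefore gets 64 bits of the correct MAC for a body the sender chose, plus the secret length, which is more than diagnosing a mismatch requires. Log only the outcome and the received prefix, at debug level and only on failure: `ok = hmac.compare_digest(expected, signature)`, `if not ok: log.debug("Signature mismatch: received=%r", signature[:16])`, `return ok`. Using `%r` with lazy arguments also keeps the sender-controlled header value from being formatted raw into the log line. `verify_signature` starts above this hunk, so how `signature` reaches it is not visible here.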