From ba3591b3acab0bb8f185830f6329d201ed89c03f Mon Sep 17 00:00:00 2001 From: Maks Pikov Date: Tue, 21 Apr 2026 22:03:55 +0000 Subject: [PATCH 1/4] fix(webhook): return 401 when signature header is missing --- apps/dokploy/pages/api/deploy/github.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/dokploy/pages/api/deploy/github.ts b/apps/dokploy/pages/api/deploy/github.ts index 4438366f6..57f926466 100644 --- a/apps/dokploy/pages/api/deploy/github.ts +++ b/apps/dokploy/pages/api/deploy/github.ts @@ -24,6 +24,11 @@ export default async function handler( res: NextApiResponse, ) { const signature = req.headers["x-hub-signature-256"]; + if (!signature) { + res.status(401).json({ message: "Missing signature header" }); + return; + } + const githubBody = req.body; if (!githubBody?.installation?.id) { @@ -50,7 +55,7 @@ export default async function handler( const verified = await webhooks.verify( JSON.stringify(githubBody), - signature as string, + signature, ); if (!verified) { From 8fb517152a63b6dc98514df1d747b422a143d746 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 22:04:36 +0000 Subject: [PATCH 2/4] [autofix.ci] apply automated fixes --- apps/dokploy/pages/api/deploy/github.ts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/dokploy/pages/api/deploy/github.ts b/apps/dokploy/pages/api/deploy/github.ts index 57f926466..eadc80a21 100644 --- a/apps/dokploy/pages/api/deploy/github.ts +++ b/apps/dokploy/pages/api/deploy/github.ts @@ -53,10 +53,7 @@ export default async function handler( secret: githubResult.githubWebhookSecret, }); - const verified = await webhooks.verify( - JSON.stringify(githubBody), - signature, - ); + const verified = await webhooks.verify(JSON.stringify(githubBody), signature); if (!verified) { res.status(401).json({ message: "Unauthorized" }); From fc6df3ae0528d3a2fc63acc0e592cabd238738e5 Mon Sep 17 00:00:00 2001 From: OpenClaw Bot Date: Wed, 22 Apr 2026 00:04:44 +0000 Subject: [PATCH 3/4] fix(webhook): cast signature to string to fix TS2345 --- apps/dokploy/pages/api/deploy/github.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dokploy/pages/api/deploy/github.ts b/apps/dokploy/pages/api/deploy/github.ts index eadc80a21..8aeffdf47 100644 --- a/apps/dokploy/pages/api/deploy/github.ts +++ b/apps/dokploy/pages/api/deploy/github.ts @@ -53,7 +53,7 @@ export default async function handler( secret: githubResult.githubWebhookSecret, }); - const verified = await webhooks.verify(JSON.stringify(githubBody), signature); + const verified = await webhooks.verify(JSON.stringify(githubBody), signature as string); if (!verified) { res.status(401).json({ message: "Unauthorized" }); From ce703ef47872b912e3924d8fc780731fa6732005 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 00:05:08 +0000 Subject: [PATCH 4/4] [autofix.ci] apply automated fixes --- apps/dokploy/pages/api/deploy/github.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/dokploy/pages/api/deploy/github.ts b/apps/dokploy/pages/api/deploy/github.ts index 8aeffdf47..99f64ecc7 100644 --- a/apps/dokploy/pages/api/deploy/github.ts +++ b/apps/dokploy/pages/api/deploy/github.ts @@ -53,7 +53,10 @@ export default async function handler( secret: githubResult.githubWebhookSecret, }); - const verified = await webhooks.verify(JSON.stringify(githubBody), signature as string); + const verified = await webhooks.verify( + JSON.stringify(githubBody), + signature as string, + ); if (!verified) { res.status(401).json({ message: "Unauthorized" });