timmy-tower

replit/timmy-tower

Fork 0

Commit Graph

Author	SHA1	Message	Date
Replit Agent	630a585178	fix: webhook HMAC — Gitea sends raw hex, not sha256= prefixed Gitea's X-Gitea-Signature header contains raw hex HMAC-SHA256. GitHub's X-Hub-Signature-256 uses the sha256= prefix. verifySignature now normalises both formats to raw hex before timingSafeEqual comparison, so pushes from Gitea trigger deploys.	2026-03-20 21:55:04 +00:00
Replit Agent	bb3b14029e	fix: webhook fail-closed, /api/healthz endpoint, queued deploy - webhook.js: fail-closed on missing WEBHOOK_SECRET (exits at startup, never accepts unsigned requests) - webhook.js: single-slot queue — push during deploy is held and runs after current deploy completes (not silently dropped) - deploy.sh + health-check.sh: URL corrected to /api/healthz	2026-03-20 21:07:32 +00:00
alexpaynex	6a4c29eb16	Published your App Replit-Commit-Author: Deployment Replit-Commit-Session-Id: 90c7a60b-2c61-4699-b5c6-6a1ac7469a4d Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: bca5769b-f33f-4202-85e3-b4f84e426350 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/90c7a60b-2c61-4699-b5c6-6a1ac7469a4d/G03TLre Replit-Commit-Deployment-Build-Id: 6750cd6c-5980-4b2b-bcd1-ceb093d94078 Replit-Helium-Checkpoint-Created: true	2026-03-20 21:01:26 +00:00

Author

SHA1

Message

Date

Replit Agent

630a585178

fix: webhook HMAC — Gitea sends raw hex, not sha256= prefixed

Gitea's X-Gitea-Signature header contains raw hex HMAC-SHA256.
GitHub's X-Hub-Signature-256 uses the sha256= prefix.
verifySignature now normalises both formats to raw hex before
timingSafeEqual comparison, so pushes from Gitea trigger deploys.

2026-03-20 21:55:04 +00:00

Replit Agent

bb3b14029e

fix: webhook fail-closed, /api/healthz endpoint, queued deploy

- webhook.js: fail-closed on missing WEBHOOK_SECRET (exits at startup,
  never accepts unsigned requests)
- webhook.js: single-slot queue — push during deploy is held and runs
  after current deploy completes (not silently dropped)
- deploy.sh + health-check.sh: URL corrected to /api/healthz

2026-03-20 21:07:32 +00:00

alexpaynex

6a4c29eb16

Published your App

Replit-Commit-Author: Deployment
Replit-Commit-Session-Id: 90c7a60b-2c61-4699-b5c6-6a1ac7469a4d
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: bca5769b-f33f-4202-85e3-b4f84e426350
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/90c7a60b-2c61-4699-b5c6-6a1ac7469a4d/G03TLre
Replit-Commit-Deployment-Build-Id: 6750cd6c-5980-4b2b-bcd1-ceb093d94078
Replit-Helium-Checkpoint-Created: true

2026-03-20 21:01:26 +00:00

3 Commits