From 836ab005aaa15fda59c5d27e74ec198ffb29ad4c Mon Sep 17 00:00:00 2001
From: Mateusz Schoen <76482518+shonun1@users.noreply.github.com>
Date: Sat, 25 May 2024 01:14:02 +0200
Subject: [PATCH] Reset HTTP request body after reading the stream during webhook validation (#64)

---
 client_test.go | 5 +++++
 webhook.go | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/client_test.go b/client_test.go
index d0fe446..785f8f5 100644
--- a/client_test.go
+++ b/client_test.go
@@ -1744,6 +1744,11 @@ func TestValidateWebhook(t *testing.T) {
 isValid, err := replicate.ValidateWebhookRequest(req, testSecret)
 require.NoError(t, err)
 assert.True(t, isValid)
+
+ // Ensure that the request body is available after validation
+ bodyBytes, err := io.ReadAll(req.Body)
+ require.NoError(t, err)
+ assert.Equal(t, body, string(bodyBytes))
 }
 func TestGetDeployment(t *testing.T) {
diff --git a/webhook.go b/webhook.go
index d24b57b..198fc79 100644
--- a/webhook.go
+++ b/webhook.go
@@ -1,6 +1,7 @@
 package replicate
 import (
+ "bytes"
 "context"
 "crypto/hmac"
 "crypto/sha256"
@@ -80,6 +81,9 @@ func ValidateWebhookRequest(req *http.Request, secret WebhookSigningSecret) (boo
 if err != nil {
 return false, fmt.Errorf("failed to read request body: %w", err)
 }
+ defer req.Body.Close()
+
+ req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
 body := string(bodyBytes)
 signedContent := fmt.Sprintf("%s.%s.%s", id, timestamp, body)
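Review bot: The added assertions check that the body can be re-read only after a successful validation; nothing visible in the hunk pins down what `req.Body` holds when `ValidateWebhookRequest` returns `false` or an error. Since handlers are likely to read the body right after this call, a companion case with a wrong secret that asserts the intended behaviour would keep that contract from drifting. TestValidateWebhook starts above the hunk, so such a case may already exist there.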
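Review bot: The added `req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))` keeps the whole buffered payload alive on the request before the signature has been checked, so the amount of memory held is set by an unauthenticated sender. The read that fills `bodyBytes` is above the hunk; if it is an uncapped `io.ReadAll(req.Body)`, bound it or document that callers should wrap the body with `http.MaxBytesReader` before calling. The replacement is also installed before the signature comparison runs, so the doc comment should say that `req.Body` is only to be processed when the function returns `true`. A comment such as `// deferred Close is bound to the original body; the replacement below needs no closing` would explain why the `defer` precedes the reassignment. ValidateWebhookRequest starts and ends outside the hunk.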