From 8a75441642a091c22a6515e059eacaeadc203e1f Mon Sep 17 00:00:00 2001
From: cuizhibin <cuizhibin@kyland.com>
Date: Tue, 22 Jul 2025 09:25:20 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Egitea=E9=83=A8=E7=BD=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../dite/znpt/web/build/DeployController.java | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/web/src/main/java/com/dite/znpt/web/build/DeployController.java b/web/src/main/java/com/dite/znpt/web/build/DeployController.java
index 193e3bb..fc20ca5 100644
--- a/web/src/main/java/com/dite/znpt/web/build/DeployController.java
+++ b/web/src/main/java/com/dite/znpt/web/build/DeployController.java
@@ -7,10 +7,13 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
@@ -51,6 +54,41 @@ public class DeployController {
         return ResponseEntity.ok("部署流程已启动");
     }
 
+    @ApiOperation(value = "gitea自动部署", httpMethod = "POST")
+    @PostMapping("/gitea-webhook")
+    public ResponseEntity<String> handleWebhook(@RequestHeader("X-Gitea-Signature") String signature,
+                                                @RequestBody(required = false) byte[] body) {
+
+        // 1. 签名校验
+        if (!validSignature(body, signature)) {
+            throw new RuntimeException("签名错误");
+        }
+
+        // 2. 启动部署流程
+        startDeployment();
+
+        return ResponseEntity.ok("部署流程已启动");
+    }
+
+    private boolean validSignature(byte[] body, String sigHeader) {
+        if (sigHeader == null) return false;
+        try {
+            Mac mac = Mac.getInstance("HmacSHA256");
+            mac.init(new SecretKeySpec(webhookSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
+            byte[] hash = mac.doFinal(body);
+            String computed = "sha256=" + bytesToHex(hash);
+            return computed.equalsIgnoreCase(sigHeader);
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    private String bytesToHex(byte[] bytes) {
+        StringBuilder sb = new StringBuilder();
+        for (byte b : bytes) sb.append(String.format("%02x", b));
+        return sb.toString();
+    }
+
     @ApiOperation(value = "查询自动部署状态", httpMethod = "GET")
     @GetMapping("/deployment-status")
     public ResponseEntity<String> getDeploymentStatus() {