import express from 'express'
import crypto from 'crypto'
import { writeFileSync } from 'fs'

const app = express()
const PORT = 4000

// Use raw body so HMAC matches exact bytes sent by Gitea
app.use(express.raw({ type: 'application/json' }))

const SECRET = 'somesecret'

app.post('/gitea/deploy', (req, res) => {
	const signatureHeader = req.get('X-Hub-Signature-256')

	if (!signatureHeader) {
		return res.status(400).send('Missing signature')
	}

	//console.log(req.headers);

	const expected = 'sha256=' + crypto
		.createHmac('sha256', SECRET)
		.update(req.body)
		.digest('hex')

	const sigBuf = Buffer.from(signatureHeader)
	const expBuf = Buffer.from(expected)

	//writeFileSync('last-payload.bin', req.body);
	//console.log("Stored payload as last-payload.bin")

	if (sigBuf.length !== expBuf.length || !crypto.timingSafeEqual(sigBuf, expBuf)) {
		return res.sendStatus(401);
	}

	res.status(202).end();

})

app.listen(PORT, () => {
	console.log(`Listening on port ${PORT}`)
})