Possibility to configure name of the "secret" field in POST webhook

[margru]

Would it be possible to be able to change the name of the field "secret" inside the POST HTTP request within a webhook? Currently, the field is always "secret". I am using another tool listening to these requests (ReadTheDocs) but it expects the secret token to be sent with a different name ("token"; and unfortunatelly, it is not cofigurable either). It means that I cannot use these two great tools together just because of such a tiny problem.

Or if you have any suggestion on how to solve this, it would be great. I was thinking about a proxy modifying the requests but it seems to be as a bad workaround.

[steko]

Hi, sorry to needlessly bump this but it's a persistent annoyance for any Python open source project hosted on Gitea, e.g. in my case https://codeberg.org/steko/iosacal and others. Read the Docs is unfortunately hardcoded and treats just the big hubs as special cases.

I don't suppose it's enough to change the field value in templates/repo/settings/webhook/gitea.tmpl?

[zeripath]

You'd likely have to change all references to json:"secret" to json:"token" in modules/structs/hook.go.

I'm not particularly au fait with the webhooks tbh - I still don't quite understand why we're not providing some template based rendering format for these tbh

[techknowlogick]

json:"secret" in webhooks has been deprecated, and the hmac in header should be used instead, as the secret field will be removed. I am closing this now as secret as a field in the webhook will be removed.

[steko]

Thanks for the update and clarification! Just to be sure I understand correctly, when you refer to "hmac in header should be used instead" is this possible right now or will be enabled when json:"secret" is removed? I'm asking because I still see the same fields on try.gitea.io and I can't find any hmac field.

[techknowlogick]

In the Webhook response you'll see the X-Gitea-Signature header (see screenshot for example), and that is calculated using the shared secret between both systems. As for the secret field inside of the webhook JSON, it'll eventually be removed.

[margru]

It's probably out of the Gitea scope but will this help in setting the integration with the ReadTheDocs server? It seems to me that it would be even worse for the integration...

[margru]

@steko Were you able to setup the integration with the Read the Docs? As I still see no way...

[steko]

@margru unfortunately, no. I'm still building manually from the Readthedocs dashboard. I don't understand how to use the new hmac based method.