diff --git a/src/web/gitCommit.ts b/src/web/gitCommit.ts
index 3f668df..5c9125b 100644
--- a/src/web/gitCommit.ts
+++ b/src/web/gitCommit.ts
@@ -15,6 +15,7 @@ import { CHANNELS } from "../config";
 import { client, db } from "../index";
 const configured_channel = CHANNELS.UPDATES;
+export const ALLOWED_BRANCHES = ["main", "master", "dev"];
 export default async function gitCommitPOST(app: Express) {
 app.post("/git-commit", async (req: Request, res: Response) => {
@@ -42,6 +43,14 @@ export default async function gitCommitPOST(app: Express) {
 const headCommit = body.head_commit;
 const ref: string = body.ref ?? "";
 const branch = ref.replace("refs/heads/", "");
+
+ if (!ALLOWED_BRANCHES.includes(branch) && !ref.startsWith("refs/tags/")) {
+ return res.status(200).json({
+ success: true,
+ message: `Branch '${branch}' not in allowed list`,
+ });
+ }
+
 const compareUrl: string = body.compare ?? "";
 const forced: boolean = body.forced ?? false;
diff --git a/src/web/gitJob.ts b/src/web/gitJob.ts
index 88356ab..047bf4d 100644
--- a/src/web/gitJob.ts
+++ b/src/web/gitJob.ts
@@ -13,6 +13,7 @@ import {
 } from "discord.js";
 import { CHANNELS } from "../config";
 import { client, db } from "../index";
+import { ALLOWED_BRANCHES } from "./gitCommit";
 const configured_channel = CHANNELS.UPDATES;
 const EDIT_COOLDOWN_MS = 2000;
@@ -221,6 +222,15 @@ export default async function gitJobPOST(app: Express) {
 }
 const head_sha: string = job.head_sha;
+ const branch: string = (job.head_branch as string) || "";
+
+ if (!ALLOWED_BRANCHES.includes(branch)) {
+ return res.status(200).json({
+ success: true,
+ message: `Branch '${branch}' not in allowed list`,
+ });
+ }
+
 const jobName: string = job.name;
 const status: string = job.status;
 const conclusion: string | null = job.conclusion ?? null;
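Review bot: `ALLOWED_BRANCHES` in the first hunk of src/web/gitCommit.ts is exported as a mutable `string[]`, so any module that imports it can push to or overwrite entries of the list that gates both webhook handlers. Declaring it as `export const ALLOWED_BRANCHES: readonly string[] = ["main", "master", "dev"];` keeps `.includes(branch)` working and turns accidental mutation into a compile error. Because gitJob.ts now imports the list from a sibling route module, placing it next to `CHANNELS` in `../config` would avoid coupling the two handlers.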
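Review bot: In the second hunk of src/web/gitCommit.ts the allow-list is compared against `ref.replace("refs/heads/", "")`, which strips the first occurrence anywhere in the string rather than a leading prefix, so a ref that lacks the prefix or carries it mid-string can still reduce to an allowed name. Anchoring the test keeps it to real branch refs: `const isAllowedBranch = ref.startsWith("refs/heads/") && ALLOWED_BRANCHES.includes(ref.slice("refs/heads/".length));` followed by `if (!isAllowedBranch && !ref.startsWith("refs/tags/")) {`. `body.ref` is only annotated as `string`, not checked at runtime, so a non-string value would throw at `.replace`; a `typeof body.ref === "string"` guard would cover that. Whether the payload signature is verified before this point cannot be seen here, since the handler starts and ends outside the hunk.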
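Review bot: The filter added in the second hunk of src/web/gitJob.ts has no tag exception, while the matching check in gitCommit.ts lets `refs/tags/` refs through, so a tag push would be announced but job events for a run on that tag would be dropped unless `job.head_branch` happens to be one of the listed names. If the asymmetry is intended, a comment above the check such as `// tag-triggered jobs are intentionally not reported` would record it; otherwise both handlers need the same rule. `(job.head_branch as string) || ""` is an unchecked assertion, and `typeof job.head_branch === "string" ? job.head_branch : ""` gives the same fallback without claiming a type the payload may not have. The handler body starts and ends outside the hunk.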