chore: fix eslint errors introduced in phase 4 backend
This commit is contained in:
@@ -17,7 +17,7 @@ export const verifyGithubSignature = async (
|
||||
rawBody: string,
|
||||
signatureHeader: string | null,
|
||||
): Promise<boolean> => {
|
||||
if (!signatureHeader || !signatureHeader.startsWith('sha256=')) return false;
|
||||
if (!signatureHeader?.startsWith('sha256=')) return false;
|
||||
// Web Crypto's importKey throws on a zero-length HMAC key; guard so the
|
||||
// verifier never throws on attacker-controlled input (returns false instead).
|
||||
if (!secret) return false;
|
||||
|
||||
@@ -16,6 +16,9 @@ export const maintenanceDedupKey = (input: {
|
||||
}): string | null => {
|
||||
const head = input.headSha?.trim();
|
||||
if (!head) return null;
|
||||
// Intentional `||`: an empty/whitespace merge base must collapse to the
|
||||
// 'nobase' sentinel, which `??` would not do (it keeps the empty string).
|
||||
// eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
|
||||
const base = input.mergeBaseSha?.trim() || 'nobase';
|
||||
return `${base}:${head}`;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user