fix(deploy/webhook): query string token 도 허용 — Gitea native Webhook 지원

Gitea Webhook 등록 완료 (id=1, push events on main). 이제 push 직후 Gitea 가 즉시 webhook 호출 → Actions 우회. route.ts: 헤더 X-Deploy-Token 우선, 없으면 ?token= query 도 검증. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-30 18:05:38 +09:00
parent ef298b381c
commit 76167f0ae5
1 changed files with 4 additions and 1 deletions
@@ -13,7 +13,10 @@ const DEPLOY_TOKEN = process.env.DEPLOY_WEBHOOK_TOKEN || "momo-deploy-2026-secur
 const DEPLOY_SCRIPT = process.env.DEPLOY_SCRIPT || "/deploy/source/scripts/deploy.sh";

 export async function POST(req: NextRequest) {
-  const token = req.headers.get("x-deploy-token") || req.headers.get("X-Deploy-Token");
+  // Gitea native Webhook 은 Custom Header 가 불가능한 버전이 있어 query token 도 허용
+  const headerToken = req.headers.get("x-deploy-token") || req.headers.get("X-Deploy-Token");
+  const queryToken = new URL(req.url).searchParams.get("token");
+  const token = headerToken || queryToken;
  if (token !== DEPLOY_TOKEN) {
    return NextResponse.json({ success: false, message: "Unauthorized" }, { status: 401 });
  }