CHE LIANG ZHAO 339b8afe98 fix(webhook): harden security and reliability ...

- Require non-default WEBHOOK_SECRET\n- Strict main/master ref matching\n- Constant-time HMAC signature check\n- Limit request body and add server timeouts\n- Single-flight deploy lock; pass ref/commit to deploy.sh\n- deploy.sh deploys correct branch (main/master)

2026-01-16 14:06:10 +08:00

7.0 KiB

Raw Blame History

View Raw