S33: thread SecretBox into repo handler deps
- SHA
73d07357e9d596be044dc85da56c006f011223b0- Parents
-
bf76678 - Tree
8c9cca5
tenseleyflow/shithub
/
73d0735
Browse files
1 changed file
| Status | File | + | - |
|---|---|---|---|
| M |
internal/web/handlers/repo/repo.go
|
4 | 0 |
internal/web/handlers/repo/repo.gomodified@@ -21,6 +21,7 @@ import ( | ||
| 21 | 21 | |
| 22 | 22 | "github.com/tenseleyFlow/shithub/internal/auth/audit" |
| 23 | 23 | "github.com/tenseleyFlow/shithub/internal/auth/policy" |
| 24 | + "github.com/tenseleyFlow/shithub/internal/auth/secretbox" | |
| 24 | 25 | "github.com/tenseleyFlow/shithub/internal/auth/throttle" |
| 25 | 26 | "github.com/tenseleyFlow/shithub/internal/infra/storage" |
| 26 | 27 | checksdb "github.com/tenseleyFlow/shithub/internal/checks/sqlc" |
@@ -66,6 +67,9 @@ type Deps struct { | ||
| 66 | 67 | Audit *audit.Recorder |
| 67 | 68 | Limiter *throttle.Limiter |
| 68 | 69 | CloneURLs CloneURLs |
| 70 | + // SecretBox AEAD-wraps webhook secrets at rest (S33). nil disables | |
| 71 | + // the webhook surface (the handler renders a placeholder page). | |
| 72 | + SecretBox *secretbox.Box | |
| 69 | 73 | // ShithubdPath is forwarded to repos.Create so newly-init'd repos |
| 70 | 74 | // have hook shims pointing at the right binary. Empty in test fixtures |
| 71 | 75 | // that don't exercise hooks. |