switch from url to secret to detect hook

circleci/main.go

@@ -5,8 +5,8 @@ import (
 
 	"net/http"
 
+	libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 	"github.com/bdlm/log"
-	libHTTP "github.com/genofire/golang-lib/http"
 	xmpp "github.com/mattn/go-xmpp"
 	"github.com/mitchellh/mapstructure"
 
@@ -52,7 +52,7 @@ func init() {
 
 			ok := false
 			for _, hook := range hooks {
-				if request.Payload.VCSURL != hook.URL {
+				if request.Payload.VCSURL != hook.Secret {
 					continue
 				}
 				logger.Infof("run hook")

config_example.conf

@@ -9,5 +9,5 @@ startup_notify_user = ["geno@fireorbit.de"]
 startup_notify_muc = []
 
 [[hooks.git]]
+secret = "github-FreifunkBremen-yanic-notShared-Secret"
 notify_user = ["geno@fireorbit.de"]
-url = "https://github.com/FreifunkBremen/yanic"

git/main.go

@@ -5,15 +5,19 @@ import (
 
 	"net/http"
 
+	libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 	"github.com/bdlm/log"
-	libHTTP "github.com/genofire/golang-lib/http"
 	xmpp "github.com/mattn/go-xmpp"
 	"github.com/mitchellh/mapstructure"
 
 	"dev.sum7.eu/genofire/hook2xmpp/runtime"
 )
 
-var eventHeader = []string{"X-GitHub-Event", "X-Gogs-Event", "X-Gitlab-Event"}
+var eventHeader = map[string]string{
+	"X-GitHub-Event": "X-Hub-Signature",
+	"X-Gogs-Event":   "X-Gogs-Delivery",
+	"X-Gitlab-Event": "X-Gitlab-Token",
+}
 
 const hookType = "git"
 
@@ -24,21 +28,29 @@ func init() {
 			logger := log.WithField("type", hookType)
 
 			event := ""
-			for _, head := range eventHeader {
+			secret := ""
+			for head, headSecret := range eventHeader {
 				event = r.Header.Get(head)
 
 				if event != "" {
+					secret = r.Header.Get(headSecret)
 					break
 				}
 			}
 
-			if event == "" || event == "status" {
-				return
-			}
-
 			var body map[string]interface{}
 			libHTTP.Read(r, &body)
 
+			if s, ok := body["secret"]; ok && secret == "" {
+				secret = s.(string)
+			}
+
+			if event == "" || secret == "" {
+				logger.Warnf("no secret or event found")
+				http.Error(w, fmt.Sprintf("no secret or event found"), http.StatusNotFound)
+				return
+			}
+
 			var request requestBody
 			if err := mapstructure.Decode(body, &request); err != nil {
 				logger.Errorf("no readable payload: %s", err)
@@ -52,7 +64,7 @@ func init() {
 
 			ok := false
 			for _, hook := range hooks {
-				if request.Repository.URL != hook.URL {
+				if secret != hook.Secret {
 					continue
 				}
 				logger.Infof("run hook")

grafana/main.go

@@ -3,10 +3,9 @@ package grafana
 import (
 	"fmt"
 	"net/http"
-	"net/url"
 
+	libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 	"github.com/bdlm/log"
-	libHTTP "github.com/genofire/golang-lib/http"
 	xmpp "github.com/mattn/go-xmpp"
 	"github.com/mitchellh/mapstructure"
 
@@ -46,6 +45,14 @@ func init() {
 		return func(w http.ResponseWriter, r *http.Request) {
 			logger := log.WithField("type", hookType)
 
+			_, secret, ok := r.BasicAuth()
+
+			if !ok {
+				logger.Errorf("no secret found")
+				http.Error(w, fmt.Sprintf("no secret found (basic-auth password)"), http.StatusUnauthorized)
+				return
+			}
+
 			var body interface{}
 			libHTTP.Read(r, &body)
 
@@ -61,16 +68,9 @@ func init() {
 				"image": request.ImageURL,
 			})
 
-			ruleURL, err := url.Parse(request.RuleURL)
+			ok = false
-			if err != nil {
-				logger.Errorf("could not parse ruleURL: %s", err)
-				http.Error(w, fmt.Sprintf("no readable payload"), http.StatusInternalServerError)
-				return
-			}
-
-			ok := false
 			for _, hook := range hooks {
-				if ruleURL.Hostname() != hook.URL {
+				if secret != hook.Secret {
 					continue
 				}
 

runtime/config.go

@@ -28,7 +28,7 @@ type Config struct {
 }
 
 type Hook struct {
-	URL        string   `toml:"url"`
+	Secret     string   `toml:"secret"`
 	NotifyUser []string `toml:"notify_user"`
 	NotifyMuc  []string `toml:"notify_muc"`
 }