From e2d4d69972944e204cf2718132d86f29285b01e2 Mon Sep 17 00:00:00 2001
From: Martin/Geno
Date: Thu, 14 Feb 2019 03:18:55 +0100
Subject: [PATCH] switch from url to secret to detect hook
---
 circleci/main.go | 4 ++--
 config_example.conf | 2 +-
 git/main.go | 28 ++++++++++++++++++++--------
 grafana/main.go | 22 +++++++++++-----------
 runtime/config.go | 2 +-
 5 files changed, 35 insertions(+), 23 deletions(-)
diff --git a/circleci/main.go b/circleci/main.go
index 38fbb49..d60ca8c 100644
--- a/circleci/main.go
+++ b/circleci/main.go
@@ -6,7 +6,7 @@ import (
 "net/http"
 "github.com/bdlm/log"
- libHTTP "github.com/genofire/golang-lib/http"
+ libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 xmpp "github.com/mattn/go-xmpp"
 "github.com/mitchellh/mapstructure"
@@ -52,7 +52,7 @@ func init() {
 ok := false
 for _, hook := range hooks {
- if request.Payload.VCSURL != hook.URL {
+ if request.Payload.VCSURL != hook.Secret {
 continue
 }
 logger.Infof("run hook")
diff --git a/config_example.conf b/config_example.conf
index 82fd3b7..2a4f08a 100644
--- a/config_example.conf
+++ b/config_example.conf
@@ -9,5 +9,5 @@ startup_notify_user = ["geno@fireorbit.de"]
 startup_notify_muc = []
 [[hooks.git]]
+secret = "github-FreifunkBremen-yanic-notShared-Secret"
 notify_user = ["geno@fireorbit.de"]
-url = "https://github.com/FreifunkBremen/yanic"
diff --git a/git/main.go b/git/main.go
index acd4acf..aaeb3be 100644
--- a/git/main.go
+++ b/git/main.go
@@ -6,14 +6,18 @@ import (
 "net/http"
 "github.com/bdlm/log"
- libHTTP "github.com/genofire/golang-lib/http"
+ libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 xmpp "github.com/mattn/go-xmpp"
 "github.com/mitchellh/mapstructure"
 "dev.sum7.eu/genofire/hook2xmpp/runtime"
 )
-var eventHeader = []string{"X-GitHub-Event", "X-Gogs-Event", "X-Gitlab-Event"}
+var eventHeader = map[string]string{
+ "X-GitHub-Event": "X-Hub-Signature",
+ "X-Gogs-Event": "X-Gogs-Delivery",
+ "X-Gitlab-Event": "X-Gitlab-Token",
+}
 const hookType = "git"
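Review bot: In the second hunk of circleci/main.go the hook match becomes `request.Payload.VCSURL != hook.Secret`, so the value now called a secret is still compared with the repository URL taken from the request body, which the sender controls and which is publicly known. An operator who configures a random `secret` will never match a CircleCI notification, and one who configures the repository URL gets no authentication from it. Either keep a separate `url` key for this hook type, or match on a value only the sender can know and compare it with `subtle.ConstantTimeCompare([]byte(token), []byte(hook.Secret)) == 1`; how CircleCI would deliver such a value is not visible in this patch. The handler body starts and ends outside the hunk.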
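Review bot: Two of the three values in the new `eventHeader` map in git/main.go are not the shared secret, so the later `secret != hook.Secret` test cannot authenticate those senders. `X-Hub-Signature` is GitHub's `sha1=<hex>` HMAC of the request body keyed with the secret and differs for every payload, and `X-Gogs-Delivery` is a per-delivery identifier; only `X-Gitlab-Token` carries the literal token. Because the Gogs delivery id is non-empty, it also blocks the `body["secret"]` fallback added in the next hunk, so that mapping should be dropped and the body field used instead. For GitHub the handler should keep the raw body and verify the signature against each hook's secret with a helper like the one below; the visible code does not retain the raw body, so that part needs a change outside this hunk.

```go
// validGitHubSignature reports whether sig (the X-Hub-Signature value,
// "sha1=<hex>") is the HMAC-SHA1 of the raw request body under secret.
func validGitHubSignature(secret string, body []byte, sig string) bool {
	const prefix = "sha1="
	if !strings.HasPrefix(sig, prefix) {
		return false
	}
	want, err := hex.DecodeString(sig[len(prefix):])
	if err != nil {
		return false
	}
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write(body)
	// hmac.Equal compares in constant time.
	return hmac.Equal(want, mac.Sum(nil))
}
```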
@@ -24,21 +28,29 @@ func init() {
 logger := log.WithField("type", hookType)
 event := ""
- for _, head := range eventHeader {
+ secret := ""
+ for head, headSecret := range eventHeader {
 event = r.Header.Get(head)
 if event != "" {
+ secret = r.Header.Get(headSecret)
 break
 }
 }
- if event == "" || event == "status" {
- return
- }
-
 var body map[string]interface{}
 libHTTP.Read(r, &body)
+ if s, ok := body["secret"]; ok && secret == "" {
+ secret = s.(string)
+ }
+
+ if event == "" || secret == "" {
+ logger.Warnf("no secret or event found")
+ http.Error(w, fmt.Sprintf("no secret or event found"), http.StatusNotFound)
+ return
+ }
+
 var request requestBody
 if err := mapstructure.Decode(body, &request); err != nil {
 logger.Errorf("no readable payload: %s", err)
@@ -52,7 +64,7 @@ func init() {
 ok := false
 for _, hook := range hooks {
- if request.Repository.URL != hook.URL {
+ if secret != hook.Secret {
 continue
 }
 logger.Infof("run hook")
diff --git a/grafana/main.go b/grafana/main.go
index b674001..ea2d207 100644
--- a/grafana/main.go
+++ b/grafana/main.go
@@ -3,10 +3,9 @@ package grafana
 import (
 "fmt"
 "net/http"
- "net/url"
 "github.com/bdlm/log"
- libHTTP "github.com/genofire/golang-lib/http"
+ libHTTP "dev.sum7.eu/genofire/golang-lib/http"
 xmpp "github.com/mattn/go-xmpp"
 "github.com/mitchellh/mapstructure"
@@ -46,6 +45,14 @@ func init() {
 return func(w http.ResponseWriter, r *http.Request) {
 logger := log.WithField("type", hookType)
+ _, secret, ok := r.BasicAuth()
+
+ if ok {
+ logger.Errorf("no secret found")
+ http.Error(w, fmt.Sprintf("no secret found (basic-auth password)"), http.StatusNotFound)
+ return
+ }
+
 var body interface{}
 libHTTP.Read(r, &body)
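Review bot: The added `secret = s.(string)` in git/main.go (`@@ -24,21 +28,29 @@`) is an unchecked type assertion on a value decoded from the request body, so a payload whose `secret` field is a number, object or null panics the handler before any authentication has happened. Fold the assertion into the condition, `if s, ok := body["secret"].(string); ok && secret == "" {`, and assign `secret = s`. If `libHTTP.Read(r, &body)` on the context line reports failures through a return value, that value is dropped here and should be checked before the map is used. A missing credential is also better answered with `http.StatusUnauthorized` than `http.StatusNotFound`. The handler body starts and ends outside the hunk.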
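Review bot: `secret != hook.Secret` in git/main.go (`@@ -52,7 +64,7 @@`) compares a credential with the ordinary string operator, which returns at the first differing byte and so leaks timing information about the configured secret to whoever sends requests. With `crypto/subtle` imported the test becomes `if subtle.ConstantTimeCompare([]byte(secret), []byte(hook.Secret)) != 1 {`. The same comparison appears in the matching loop of grafana/main.go (`@@ -61,16 +68,9 @@`) and needs the same change. The loop continues outside the hunk.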
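Review bot: The added guard `if ok {` in grafana/main.go (`@@ -46,6 +45,14 @@`) is inverted: `r.BasicAuth()` returns `ok == true` when credentials are present, so requests that carry the basic-auth password are rejected and requests without credentials continue with `secret == ""`. In the matching loop further down (`@@ -61,16 +68,9 @@`) that empty string equals the `Secret` of any hook whose `secret` key is missing or empty in the config, so such a hook fires for unauthenticated callers. The condition should be `if !ok || secret == "" {`, and the response is better sent with `http.StatusUnauthorized` than `http.StatusNotFound`. The handler continues outside this hunk.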
@@ -61,16 +68,9 @@ func init() {
 "image": request.ImageURL,
 })
- ruleURL, err := url.Parse(request.RuleURL)
- if err != nil {
- logger.Errorf("could not parse ruleURL: %s", err)
- http.Error(w, fmt.Sprintf("no readable payload"), http.StatusInternalServerError)
- return
- }
-
- ok := false
+ ok = false
 for _, hook := range hooks {
- if ruleURL.Hostname() != hook.URL {
+ if secret != hook.Secret {
 continue
 }
diff --git a/runtime/config.go b/runtime/config.go
index 0715be6..e8e862e 100644
--- a/runtime/config.go
+++ b/runtime/config.go
@@ -28,7 +28,7 @@ type Config struct {
 }
 type Hook struct {
- URL string `toml:"url"`
+ Secret string `toml:"secret"`
 NotifyUser []string `toml:"notify_user"`
 NotifyMuc []string `toml:"notify_muc"`
 }