finga/webhookey
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity
webhookey/src/main.rs

857 lines
28 KiB
Rust
Raw Normal View History

Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
mod cli;
Move config related code into `config.rs` To continue with code separation to improve readability.
2021-11-19 13:41:48 +01:00
mod config;
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
mod filters;
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
mod metrics;
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
use crate::{
cli::Opts,
Move config related code into `config.rs` To continue with code separation to improve readability.
2021-11-19 13:41:48 +01:00
config::Config,
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
filters::{FilterType, IpFilter},
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
metrics::Metrics,
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
};
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
use anyhow::{anyhow, bail, Result};
Break up code into multiple files In order to increase readability, maintainability and maybe a future independence regarding web frameworks move code to new files.
2021-11-11 21:09:47 +01:00
use clap::Parser;
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use hmac::{Hmac, Mac, NewMac};
use log::{debug, error, info, trace, warn};
use rocket::{
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
data::{FromData, ToByteUnit},
futures::TryFutureExt,
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
http::{HeaderMap, Status},
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
outcome::Outcome::{self, Failure, Success},
post, routes,
tokio::io::AsyncReadExt,
Data, Request, State,
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
};
Fix execution of scripts For better script and argument support `run_script` is used instead of `process::Command`.
2021-04-16 17:42:40 +02:00
use run_script::ScriptOptions;
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
use serde::{Deserialize, Serialize};
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use sha2::Sha256;
Print `stdout` and `stderr` as string As the `stdout` as well as the `stderr` were printed as `Vec<u8>` we now convert it to a string.
2021-03-22 11:12:45 +01:00
use std::{
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
collections::BTreeMap,
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
fs::File,
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
io::BufReader,
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
net::{IpAddr, Ipv4Addr, SocketAddr},
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
sync::atomic::Ordering,
Print `stdout` and `stderr` as string As the `stdout` as well as the `stderr` were printed as `Vec<u8>` we now convert it to a string.
2021-03-22 11:12:45 +01:00
};
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
use thiserror::Error;
#[derive(Debug, Error)]
pub enum WebhookeyError {
#[error("Could not extract signature from header")]
InvalidSignature,
#[error("Unauthorized request from `{0}`")]
Unauthorized(IpAddr),
#[error("Unmatched hook from `{0}`")]
UnmatchedHook(IpAddr),
#[error("Could not evaluate filter request")]
InvalidFilter,
#[error("IO Error")]
Io(std::io::Error),
#[error("Serde Error")]
Serde(serde_json::Error),
}
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
#[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields)]
Move config related code into `config.rs` To continue with code separation to improve readability.
2021-11-19 13:41:48 +01:00
pub struct Hook {
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
command: String,
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
signature: String,
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
ip_filter: Option<IpFilter>,
Implement secret functionality In order to validate requests a field called `secret` has to be sent containing a secret key which validates the request. A hook will be executed only if the secret sent with the request matches the hook's secret.
2021-03-19 10:16:46 +01:00
secrets: Vec<String>,
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
filter: FilterType,
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
impl Hook {
fn get_command(
&self,
hook_name: &str,
request: &Request,
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
data: &mut serde_json::Value,
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
) -> Result<String> {
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
debug!("Replacing parameters for command of hook `{}`", hook_name);
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(&self.command, request.headers(), data)
}
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
fn replace_parameters(
input: &str,
headers: &HeaderMap,
data: &serde_json::Value,
) -> Result<String> {
let mut command = String::new();
let command_template = &mut input.chars();
while let Some(i) = command_template.next() {
if i == '{' {
if let Some('{') = command_template.next() {
let mut token = String::new();
while let Some(i) = command_template.next() {
if i == '}' {
if let Some('}') = command_template.next() {
let expr = token.trim().split(' ').collect::<Vec<&str>>();
let replaced = match expr.get(0) {
Some(&"header") => get_header_field(
headers,
expr.get(1).ok_or_else(|| {
anyhow!("Missing parameter for `header` expression")
})?,
)?
.to_string(),
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
Some(pointer) => {
get_string(data.pointer(pointer).ok_or_else(|| {
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
anyhow!(
"Could not find field refered to in parameter `{}`",
pointer
)
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
})?)?
}
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
None => bail!("Missing expression in variable `{}`", token),
};
command.push_str(&replaced);
trace!("Replace `{}` with: {}", token, replaced);
break;
} else {
command.push('}');
command.push(i);
}
} else {
token.push(i);
}
}
} else {
command.push('{');
command.push(i);
}
} else {
command.push(i);
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
}
}
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Ok(command)
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
}
Split `from_data()` up in smaller pieces To still be able to handle errors correctly, also regarding the http status code, `thiserror::Error` is used.
2021-04-03 01:10:50 +02:00
}
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
#[derive(Debug)]
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
struct Hooks {
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
inner: BTreeMap<String, String>,
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
}
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
impl Hooks {
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
async fn get_commands(request: &Request<'_>, data: Data<'_>) -> Result<Self, WebhookeyError> {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
let mut buffer = Vec::new();
let size = data
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
.open(256_i32.kilobytes())
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
.read_to_end(&mut buffer)
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
.map_err(WebhookeyError::Io)
.await?;
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
info!("Data of size {} received", size);
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
let config = request.guard::<&State<Config>>().await.unwrap(); // should never fail
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
let mut valid = false;
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
let mut result = BTreeMap::new();
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
let client_ip = &request
.client_ip()
.unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
let hooks = config.hooks.iter().filter(|(name, hook)| {
if let Some(ip) = &hook.ip_filter {
Fix clippy warnings
2021-06-30 23:52:19 +02:00
accept_ip(name, client_ip, ip)
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
} else {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
info!(
"Allow hook `{}` from {}, no IP filter was configured",
&name, &client_ip
);
true
}
});
for (hook_name, hook) in hooks {
let signature = request
.headers()
.get_one(&hook.signature)
.ok_or(WebhookeyError::InvalidSignature)?;
let secrets = hook
.secrets
.iter()
Fix clippy warnings
2021-06-30 23:52:19 +02:00
.map(|secret| validate_request(secret, signature, &buffer));
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
for secret in secrets {
match secret {
Ok(()) => {
trace!("Valid signature found for hook `{}`", hook_name);
valid = true;
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
let mut data: serde_json::Value =
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
serde_json::from_slice(&buffer).map_err(WebhookeyError::Serde)?;
Add `HeaderFilter` for filter based on the header This extends filtering to filter also on the received http header.
2021-11-17 15:13:12 +01:00
match hook.filter.evaluate(request, &data) {
Fix json parsing bug Increase version for building a new Debian package.
2021-11-16 14:39:22 +01:00
Ok(true) => match hook.get_command(hook_name, request, &mut data) {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Ok(command) => {
info!("Filter for `{}` matched", &hook_name);
result.insert(hook_name.to_string(), command);
break;
}
Err(e) => error!("{}", e),
},
Ok(false) => info!("Filter for `{}` did not match", &hook_name),
Err(error) => {
error!("Could not match filter for `{}`: {}", &hook_name, error)
}
}
}
Err(e) => trace!("Hook `{}` could not validate request: {}", &hook_name, e),
}
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
if !valid {
return Err(WebhookeyError::Unauthorized(*client_ip));
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Ok(Hooks { inner: result })
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
fn accept_ip(hook_name: &str, client_ip: &IpAddr, ip: &IpFilter) -> bool {
if ip.validate(client_ip) {
info!("Allow hook `{}` from {}", &hook_name, &client_ip);
return true;
}
warn!("Deny hook `{}` from {}", &hook_name, &client_ip);
false
}
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
fn validate_request(secret: &str, signature: &str, data: &[u8]) -> Result<()> {
Update build dependencies to latest versions Update build dependencies to latest version, also use the 2021 Rust edition. This is also the next version of `webhookey` with version number 0.1.1.
2021-11-06 12:06:10 +01:00
let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes())
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
.map_err(|e| anyhow!("Could not create hasher with secret: {}", e))?;
Fix clippy warnings
2021-06-30 23:52:19 +02:00
mac.update(data);
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
let raw_signature = hex::decode(signature.as_bytes())?;
mac.verify(&raw_signature).map_err(|e| anyhow!("{}", e))
}
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
fn get_header_field<'a>(headers: &'a HeaderMap, param: &str) -> Result<&'a str> {
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
headers
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
.get_one(param)
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
.ok_or_else(|| anyhow!("Could not extract event parameter from header"))
}
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
pub fn get_string(data: &serde_json::Value) -> Result<String, WebhookeyError> {
match &data {
serde_json::Value::Bool(bool) => Ok(bool.to_string()),
serde_json::Value::Number(number) => Ok(number.to_string()),
serde_json::Value::String(string) => Ok(string.as_str().to_string()),
x => {
error!("Could not get string from: {:?}", x);
unimplemented!()
}
}
}
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
#[rocket::async_trait]
impl<'r> FromData<'r> for Hooks {
type Error = WebhookeyError;
async fn from_data(
request: &'r Request<'_>,
data: Data<'r>,
) -> Outcome<Self, (Status, Self::Error), Data<'r>> {
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
{
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
request
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.guard::<&State<Metrics>>()
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.await
.unwrap() // TODO: Check if unwrap need to be fixed
.requests_received
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
.fetch_add(1, Ordering::Relaxed);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
}
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
match Hooks::get_commands(request, data).await {
Ok(hooks) => {
if hooks.inner.is_empty() {
let client_ip = &request
.client_ip()
.unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
request
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.guard::<&State<Metrics>>()
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.await
.unwrap() // TODO: Check if unwrap need to be fixed
.hooks_unmatched
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
.fetch_add(1, Ordering::Relaxed);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
warn!("Unmatched hook from {}", &client_ip);
return Failure((Status::NotFound, WebhookeyError::UnmatchedHook(*client_ip)));
}
Success(hooks)
}
Err(WebhookeyError::Unauthorized(e)) => {
error!("{}", WebhookeyError::Unauthorized(e));
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
request
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.guard::<&State<Metrics>>()
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.await
.unwrap() // TODO: Check if unwrap need to be fixed
.hooks_forbidden
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
.fetch_add(1, Ordering::Relaxed);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
Failure((Status::Unauthorized, WebhookeyError::Unauthorized(e)))
}
Err(e) => {
error!("{}", e);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
request
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.guard::<&State<Metrics>>()
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.await
.unwrap() // TODO: Check if unwrap need to be fixed
.requests_invalid
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
.fetch_add(1, Ordering::Relaxed);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
Failure((Status::BadRequest, e))
}
}
}
}
#[post("/", format = "json", data = "<hooks>")]
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
async fn receive_hook<'a>(address: SocketAddr, hooks: Hooks, metrics: &State<Metrics>) -> Status {
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
info!("Post request received from: {}", address);
hooks.inner.iter().for_each(|(name, command)| {
info!("Execute `{}` from hook `{}`", &command, &name);
match run_script::run(command, &vec![], &ScriptOptions::new()) {
Ok((status, stdout, stderr)) => {
info!("Command `{}` exited with return code: {}", &command, status);
trace!("Output of command `{}` on stdout: {:?}", &command, &stdout);
debug!("Output of command `{}` on stderr: {:?}", &command, &stderr);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
metrics.commands_executed.fetch_add(1, Ordering::Relaxed);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
let _ = match status {
0 => metrics.commands_successful.fetch_add(1, Ordering::Relaxed),
_ => metrics.commands_failed.fetch_add(1, Ordering::Relaxed),
};
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
}
Err(e) => {
error!("Execution of `{}` failed: {}", &command, e);
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
Use atomics instead of mutexes Use atomics instead of mutexes to improve access on metrics. Therefor also remove unneeded borrows.
2021-11-13 14:35:40 +01:00
metrics
.commands_execution_failed
.fetch_add(1, Ordering::Relaxed);
Reorder code To improve readibility and to prepeare split of `webhookey` code from `Rocket` some functions are reordered.
2021-11-07 16:43:10 +01:00
}
}
});
Status::Ok
}
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
#[rocket::main]
async fn main() -> Result<()> {
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
env_logger::init();
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
let cli: Opts = Opts::parse();
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
let config: Config = match cli.config {
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
Some(config) => serde_yaml::from_reader(BufReader::new(File::open(config)?))?,
Move config related code into `config.rs` To continue with code separation to improve readability.
2021-11-19 13:41:48 +01:00
_ => serde_yaml::from_reader(BufReader::new(config::get_config()?))?,
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
};
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
trace!("Parsed configuration:\n{}", serde_yaml::to_string(&config)?);
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
if cli.command.is_some() {
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
debug!("Configtest succeded.");
println!("Config is OK");
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
return Ok(());
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
}
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
rocket::build()
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.mount("/", routes![receive_hook, metrics::metrics])
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
.manage(config)
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.manage(Metrics::default())
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
.launch()
.await?;
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Ok(())
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
}
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
#[cfg(test)]
mod tests {
use super::*;
Move config related code into `config.rs` To continue with code separation to improve readability.
2021-11-19 13:41:48 +01:00
use crate::config::MetricsConfig;
Rename `webook.rs` to `filter.rs` Also improve code separation, still more to come.
2021-11-19 11:28:37 +01:00
use filters::{AddrType, HeaderFilter, JsonFilter};
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
use regex::Regex;
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use rocket::{
http::{ContentType, Header},
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
local::asynchronous::Client,
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
};
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
use serde_json::json;
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
#[rocket::async_test]
async fn secret() {
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
let mut hooks = BTreeMap::new();
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
hooks.insert(
"test_hook".to_string(),
Hook {
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
command: "".to_string(),
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
signature: "X-Gitea-Signature".to_string(),
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
ip_filter: None,
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
secrets: vec!["valid".to_string()],
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
filter: FilterType::JsonFilter(JsonFilter {
pointer: "*".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new(".*").unwrap(),
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
}),
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
},
);
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
let config = Config {
metrics: None,
hooks: hooks,
};
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
let rocket = rocket::build()
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.mount("/", routes![receive_hook])
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.manage(config)
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.manage(Metrics::default());
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
let client = Client::tracked(rocket).await.unwrap();
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new(
"X-Gitea-Signature",
"28175a0035f637f3cbb85afee9f9d319631580e7621cf790cd16ca063a2f820e",
))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.dispatch();
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
assert_eq!(response.await.status(), Status::NotFound);
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new("X-Gitea-Signature", "beef"))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.dispatch();
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
assert_eq!(response.await.status(), Status::Unauthorized);
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new(
"X-Gitea-Signature",
"c5c315d76318362ec129ca629b50b626bba09ad3d7ba4cc0f4c0afe4a90537a0",
))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.body(r#"{ "not_secret": "invalid" "#)
.dispatch();
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
assert_eq!(response.await.status(), Status::BadRequest);
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
let response = client
.post("/")
.header(Header::new("X-Gitea-Signature", "foobar"))
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.dispatch();
Adapt to new versions of rocket and clap Use clap `3.0.0-beta.5` and rocket `0.5.0-rc.1`.
2021-11-03 13:09:44 +01:00
assert_eq!(response.await.status(), Status::Unauthorized);
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
}
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
#[test]
fn parse_command() {
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
let mut headers = HeaderMap::new();
headers.add_raw("X-Gitea-Event", "something");
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters("command", &headers, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command"
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(" command", &headers, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command"
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters("command ", &headers, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command "
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(" command ", &headers, &serde_json::Value::Null)
.unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command "
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters("command command ", &headers, &serde_json::Value::Null)
.unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command command "
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters("{{ /foo }} command", &headers, &json!({ "foo": "bar" }))
.unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"bar command"
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
" command {{ /foo }} ",
&headers,
&json!({ "foo": "bar" })
)
.unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command bar "
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"{{ /foo }} command{{/field1/foo}}",
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
&headers,
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
&json!({ "foo": "bar", "field1": { "foo": "baz" } })
)
.unwrap(),
"bar commandbaz"
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
" command {{ /foo }} ",
&headers,
&json!({ "foo": "bar" })
)
.unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command bar "
);
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" {{ /field1/foo }} command",
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
&headers,
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
&json!({ "field1": { "foo": "bar" } })
)
.unwrap(),
" bar command"
);
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Arbitrary header fields in commands Adopt the parser to be able to parse header fields.
2021-03-30 01:16:15 +02:00
" {{ header X-Gitea-Event }} command",
Rename variable in `parse_command` test Rename `map` to `headers` inside the `parse_command` test to improve readability.
2021-11-05 13:51:31 +01:00
&headers,
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
&json!({ "field1": { "foo": "bar" } })
)
.unwrap(),
" something command"
);
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
assert_eq!(
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
Hook::replace_parameters(
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
" {{ header X-Gitea-Event }} {{ /field1/foo }} command",
&headers,
&json!({ "field1": { "foo": "bar" } })
)
.unwrap(),
" something bar command"
);
Use a custom parser for commands The removes the dependency for `nom` as commands are now parsed with its own tiny parser.
2021-11-17 13:17:15 +01:00
assert_eq!(
Hook::replace_parameters(
" {{ header X-Gitea-Event }} {{ /field1/foo }} {{ /field1/bar }} {{ /field2/foo }} --command{{ /cmd }}",
&headers,
&json!({ "field1": { "foo": "bar", "bar": "baz" }, "field2": { "foo": "qux" }, "cmd": " else"})
)
.unwrap(),
" something bar baz qux --command else"
);
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
}
#[rocket::async_test]
async fn parse_command_request() {
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
let mut hooks = BTreeMap::new();
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
hooks.insert(
Add `Not` filter to `FilterType` To invert the result of filters.
2021-11-17 14:06:07 +01:00
"test_hook0".to_string(),
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
Hook {
command:
"/usr/bin/echo {{ /repository/full_name }} --foo {{ /pull_request/base/ref }}"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: None,
secrets: vec!["valid".to_string()],
filter: FilterType::JsonFilter(JsonFilter {
pointer: "/foo".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("bar").unwrap(),
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
}),
},
);
hooks.insert(
Add `Not` filter to `FilterType` To invert the result of filters.
2021-11-17 14:06:07 +01:00
"test_hook2".to_string(),
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
Hook {
command: "/usr/bin/echo {{ /repository/full_name }} {{ /pull_request/base/ref }}"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: None,
secrets: vec!["valid".to_string()],
filter: FilterType::JsonFilter(JsonFilter {
pointer: "/foo".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("bar").unwrap(),
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
}),
},
);
Add `Not` filter to `FilterType` To invert the result of filters.
2021-11-17 14:06:07 +01:00
hooks.insert(
"test_hook3".to_string(),
Hook {
command: "/usr/bin/echo {{ /repository/full_name }} {{ /pull_request/base/ref }}"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: None,
secrets: vec!["valid".to_string()],
filter: FilterType::Not(Box::new(FilterType::JsonFilter(JsonFilter {
pointer: "/foobar".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("bar").unwrap(),
Add `Not` filter to `FilterType` To invert the result of filters.
2021-11-17 14:06:07 +01:00
}))),
},
);
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
let config = Config {
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
metrics: None,
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
hooks: hooks,
};
let rocket = rocket::build()
.mount("/", routes![receive_hook])
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.manage(config)
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.manage(Metrics::default());
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
let client = Client::tracked(rocket).await.unwrap();
let response = client
.post("/")
.header(Header::new(
"X-Gitea-Signature",
"693b733871ecb684651a813c82936df683c9e4a816581f385353e06170545400",
))
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.body(
&serde_json::to_string(&json!({
"foo": "bar",
"repository": {
"full_name": "keith"
},
"pull_request": {
"base": {
"ref": "main"
}
}
}))
.unwrap(),
)
.dispatch();
assert_eq!(response.await.status(), Status::Ok);
}
#[rocket::async_test]
async fn parse_invalid_command_request() {
Use `BTreeMap` instead of `HashMap` As ordering of `BTreeMap` is easier for testing and the difference does not really matter.
2021-11-09 13:58:57 +01:00
let mut hooks = BTreeMap::new();
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
hooks.insert(
"test_hook".to_string(),
Hook {
command: "/usr/bin/echo {{ /repository/full }} {{ /pull_request/base/ref }}"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: None,
secrets: vec!["valid".to_string()],
filter: FilterType::JsonFilter(JsonFilter {
pointer: "/foo".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("bar").unwrap(),
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
}),
},
);
let config = Config {
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
metrics: None,
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
hooks: hooks,
};
let rocket = rocket::build()
.mount("/", routes![receive_hook])
Add metrics page Add a page to print metrics.
2021-11-07 16:55:11 +01:00
.manage(config)
Move metrics related code into `metrics.rs` To improve readability metrics related code moves to `metrics.rs`.
2021-11-19 11:40:21 +01:00
.manage(Metrics::default());
Remove double parsing of data pointed to As there was an issues with the parser which checked the validity of the JSON pointer pointing to the received JSON data this part is removed. Further some checks were added to double check that case which lead to an invalid behaviour. This fixes #9.
2021-11-06 11:03:27 +01:00
let client = Client::tracked(rocket).await.unwrap();
let response = client
.post("/")
.header(Header::new(
"X-Gitea-Signature",
"693b733871ecb684651a813c82936df683c9e4a816581f385353e06170545400",
))
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.body(
&serde_json::to_string(&json!({
"foo": "bar",
"repository": {
"full_name": "keith"
},
"pull_request": {
"base": {
"ref": "main"
}
}
}))
.unwrap(),
)
.dispatch();
assert_eq!(response.await.status(), Status::NotFound);
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
}
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
#[test]
fn parse_config() {
let config: Config = serde_yaml::from_str(
r#"---
hooks:
hook1:
command: /usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf
signature: X-Gitea-Signature
ip_filter:
allow:
- 127.0.0.1/31
secrets:
- secret_key_01
- secret_key_02
filter:
json:
pointer: /ref
regex: refs/heads/master
hook2:
command: /usr/bin/local/script_xy.sh asdfasdf
signature: X-Gitea-Signature
secrets:
- secret_key_01
- secret_key_02
filter:
and:
- json:
pointer: /ref
regex: refs/heads/master
Add `HeaderFilter` for filter based on the header This extends filtering to filter also on the received http header.
2021-11-17 15:13:12 +01:00
- header:
field: X-Gitea-Signature
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
regex: f6e5fe4fe37df76629112d55cc210718b6a55e7e"#,
)
.unwrap();
assert_eq!(
serde_yaml::to_string(&config).unwrap(),
serde_yaml::to_string(&Config {
metrics: None,
hooks: BTreeMap::from([
(
"hook1".to_string(),
Hook {
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
"127.0.0.1/31".parse().unwrap()
)])),
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
filter: FilterType::JsonFilter(JsonFilter {
pointer: "/ref".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("refs/heads/master").unwrap(),
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
}),
}
),
(
"hook2".to_string(),
Hook {
command: "/usr/bin/local/script_xy.sh asdfasdf".to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: None,
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
filter: FilterType::And(vec![
FilterType::JsonFilter(JsonFilter {
pointer: "/ref".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("refs/heads/master").unwrap(),
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
}),
Add `HeaderFilter` for filter based on the header This extends filtering to filter also on the received http header.
2021-11-17 15:13:12 +01:00
FilterType::HeaderFilter(HeaderFilter {
field: "X-Gitea-Signature".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("f6e5fe4fe37df76629112d55cc210718b6a55e7e")
.unwrap(),
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
}),
]),
}
)
])
})
.unwrap()
);
let config: Config = serde_yaml::from_str(
r#"---
metrics:
enabled: true
hooks:
hook1:
command: /usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf
signature: X-Gitea-Signature
ip_filter:
allow:
- 127.0.0.1/31
secrets:
- secret_key_01
- secret_key_02
filter:
json:
pointer: /ref
regex: refs/heads/master"#,
)
.unwrap();
assert_eq!(
serde_yaml::to_string(&config).unwrap(),
serde_yaml::to_string(&Config {
metrics: Some(MetricsConfig {
enabled: true,
ip_filter: None
}),
hooks: BTreeMap::from([(
"hook1".to_string(),
Hook {
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
.to_string(),
signature: "X-Gitea-Signature".to_string(),
ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
"127.0.0.1/31".parse().unwrap()
)])),
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
filter: FilterType::JsonFilter(JsonFilter {
pointer: "/ref".to_string(),
Compile regex when parsing config The regexes are now compiled when the config is parsed and not each time a new webhook is received. Adapt tests to using parsed regex.
2021-11-18 17:47:13 +01:00
regex: Regex::new("refs/heads/master").unwrap(),
Make the metrics page configurable Make the metrics page configurable with an `ip_filter`. This closes #10.
2021-11-09 14:50:02 +01:00
}),
}
),])
})
.unwrap()
);
}
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
}
Reference in a new issue Copy permalink