webhookey/src/main.rs

#![feature(proc_macro_hygiene, decl_macro)]

use anyhow::{anyhow, bail, Result};
use log::{debug, info, trace, warn};
use regex::Regex;
use rocket::{fairing::AdHoc, get, http::Status, post, routes, Response, State};
use rocket_contrib::json::Json;
use serde::{Deserialize, Serialize};

use std::{collections::HashMap, fs::File, io::BufReader, net::SocketAddr, process::Command};

#[derive(Debug, Deserialize, Serialize)]
struct Config {
    hooks: HashMap<String, Hook>,
}

#[derive(Debug, Deserialize, Serialize)]
struct Hook {
    action: Option<String>,
    secrets: Vec<String>,
    filters: HashMap<String, Filter>,
}

#[derive(Debug, Deserialize, Serialize)]
struct Filter {
    pointer: String,
    regex: String,
}

#[derive(Debug, Deserialize, Serialize)]
struct Data(serde_json::Value);

#[get("/")]
fn index() -> &'static str {
    "Hello, webhookey!"
}

fn execute_hook(name: &str, hook: &Hook, data: &serde_json::Value) -> Result<()> {
    debug!("Running hook `{}`", name);

    for (filter_name, filter) in hook.filters.iter() {
        debug!("Matching filter `{}`", filter_name);

        if let Some(value) = data.pointer(&filter.pointer) {
            let regex = Regex::new(&filter.regex)?;

            if let Some(value) = value.as_str() {
                if !regex.is_match(value) {
                    info!("Filter `{}` in hook `{}` did not match", filter_name, name);
                    return Ok(());
                }
            } else {
                anyhow!(
                    "Could not parse pointer in hook `{}` from filter `{}`",
                    name,
                    filter_name
                );
            }
        }
    }

    if let Some(action) = &hook.action {
        info!("Execute `{}` from hook `{}`", action, name);

        let action = action.split(' ').collect::<Vec<&str>>();

        let command = Command::new(action[0]).args(&action[1..]).output()?;

        info!(
            "Command `{}` exited with return code: {}",
            action[0], command.status
        );
        debug!(
            "Output of command `{}` on stderr: {:?}",
            action[0], &command.stderr
        );
        trace!(
            "Output of command `{}` on stdout: {:?}",
            action[0],
            &command.stdout
        );
    }

    Ok(())
}

#[post("/", format = "json", data = "<data>")]
fn receive_hook(address: SocketAddr, config: State<Config>, data: Json<Data>) -> Result<Response> {
    info!("Post request received from: {}", address);

    let mut response = Response::new();
    let data = serde_json::to_value(data.0)?;

    trace!("Data received from: {}\n{}", address, data);

    if let Some(secret) = data.pointer("/secret") {
        if let Some(secret) = secret.as_str() {
            let hooks: HashMap<&String, &Hook> = config
                .hooks
                .iter()
                .filter(|(_hook_name, hook)| hook.secrets.contains(&secret.to_string()))
                .collect();

            if hooks.is_empty() {
                warn!("Secret from {} did not match any hook", address);
                response.set_status(Status::Unauthorized);
            } else {
                for (hook_name, hook) in hooks {
                    execute_hook(&hook_name, &hook, &data)?;
                }
            }
        } else {
            warn!("Data received from {} contains invalid data", address);
            response.set_status(Status::BadRequest);
        }
    } else {
        warn!("Data received from {} did not contain a secret", address);
        response.set_status(Status::NotFound);
    }

    Ok(response)
}

fn get_config() -> Result<File> {
    if let Ok(config) = File::open("/etc/webhookey/config.yml") {
        info!("Loading configuration from `/etc/webhookey/config.yml`");

        return Ok(config);
    }

    if let Some(mut path) = dirs::config_dir() {
        path.push("webhookey/config.yml");

        if let Ok(config) = File::open(&path) {
            info!(
                "Loading configuration from `{}`",
                path.to_str().unwrap_or("path not printable"),
            );

            return Ok(config);
        }
    }

    if let Ok(config) = File::open("config.yml") {
        info!("Loading configuration from `./config.yml`");

        return Ok(config);
    }

    bail!("No configuration files found.");
}

fn main() -> Result<()> {
    env_logger::init();

    let config: Config = serde_yaml::from_reader(BufReader::new(get_config()?))?;

    trace!("Parsed configuration:\n{}", serde_yaml::to_string(&config)?);

    rocket::ignite()
        .mount("/", routes![index, receive_hook])
        .attach(AdHoc::on_attach("webhookey config", move |rocket| {
            Ok(rocket.manage(config))
        }))
        .launch();

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use rocket::{http::ContentType, local::Client};

    #[test]
    fn index() {
        let rocket = rocket::ignite().mount("/", routes![index]);

        let client = Client::new(rocket).unwrap();
        let mut response = client.get("/").dispatch();

        assert_eq!(response.status(), Status::Ok);
        assert_eq!(response.body_string(), Some("Hello, webhookey!".into()));
    }

    #[test]
    fn secret() {
        let mut hooks = HashMap::new();
        hooks.insert(
            "test_hook".to_string(),
            Hook {
                action: None,
                secrets: vec!["valid".to_string()],
                filters: HashMap::new(),
            },
        );
        let config = Config { hooks: hooks };

        let rocket = rocket::ignite()
            .mount("/", routes![receive_hook])
            .attach(AdHoc::on_attach("webhookey config", move |rocket| {
                Ok(rocket.manage(config))
            }));

        let client = Client::new(rocket).unwrap();
        let response = client
            .post("/")
            .header(ContentType::JSON)
            .remote("127.0.0.1:8000".parse().unwrap())
            .body(r#"{ "secret": "valid" }"#)
            .dispatch();

        assert_eq!(response.status(), Status::Ok);

        let response = client
            .post("/")
            .header(ContentType::JSON)
            .remote("127.0.0.1:8000".parse().unwrap())
            .body(r#"{ "secret": "invalid" }"#)
            .dispatch();

        assert_eq!(response.status(), Status::Unauthorized);

        let response = client
            .post("/")
            .header(ContentType::JSON)
            .remote("127.0.0.1:8000".parse().unwrap())
            .body(r#"{ "not_secret": "invalid" }"#)
            .dispatch();

        assert_eq!(response.status(), Status::NotFound);

        let response = client
            .post("/")
            .header(ContentType::JSON)
            .remote("127.0.0.1:8000".parse().unwrap())
            .body(r#"{ "not_secret": "invalid" "#)
            .dispatch();

        assert_eq!(response.status(), Status::BadRequest);
    }
}