finga/webhookey
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity
webhookey/src/main.rs

682 lines
20 KiB
Rust
Raw Normal View History

Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
#![feature(proc_macro_hygiene, decl_macro)]
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
use anyhow::{anyhow, bail, Result};
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
use clap::{crate_authors, crate_version, AppSettings, Clap};
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use hmac::{Hmac, Mac, NewMac};
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
use ipnet::IpNet;
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use log::{debug, error, info, trace, warn};
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
use nom::{
branch::alt,
bytes::complete::{tag, take_until},
combinator::map_res,
multi::many0,
sequence::delimited,
Finish, IResult,
};
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
use regex::Regex;
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use rocket::{
data::{self, FromDataSimple},
fairing::AdHoc,
http::{HeaderMap, Status},
post, routes, Data,
Outcome::{Failure, Success},
Request, Response, State,
};
Fix execution of scripts For better script and argument support `run_script` is used instead of `process::Command`.
2021-04-16 17:42:40 +02:00
use run_script::ScriptOptions;
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
use serde::{Deserialize, Serialize};
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use sha2::Sha256;
Split `from_data()` up in smaller pieces To still be able to handle errors correctly, also regarding the http status code, `thiserror::Error` is used.
2021-04-03 01:10:50 +02:00
use thiserror::Error;
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
Print `stdout` and `stderr` as string As the `stdout` as well as the `stderr` were printed as `Vec<u8>` we now convert it to a string.
2021-03-22 11:12:45 +01:00
use std::{
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
collections::HashMap,
fs::File,
io::{BufReader, Read},
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
net::{IpAddr, Ipv4Addr, SocketAddr},
Print `stdout` and `stderr` as string As the `stdout` as well as the `stderr` were printed as `Vec<u8>` we now convert it to a string.
2021-03-22 11:12:45 +01:00
};
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
#[derive(Debug, Error)]
enum WebhookeyError {
#[error("Could not extract signature from header")]
InvalidSignature,
#[error("Unauthorized request from `{0}`")]
Unauthorized(IpAddr),
#[error("Unmatched hook from `{0}`")]
UnmatchedHook(IpAddr),
#[error("Could not find field refered to in parameter `{0}`")]
InvalidParameterPointer(String),
#[error("Could not evaluate filter request")]
InvalidFilter,
#[error("IO Error")]
Io(std::io::Error),
#[error("Serde Error")]
Serde(serde_json::Error),
#[error("Regex Error")]
Regex(regex::Error),
}
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
#[derive(Clap, Debug)]
enum Command {
/// Verifies if the configuration can be parsed without errors
Configtest,
}
#[derive(Clap, Debug)]
#[clap(
version = crate_version!(),
author = crate_authors!(", "),
global_setting = AppSettings::VersionlessSubcommands,
global_setting = AppSettings::InferSubcommands,
)]
struct Opts {
/// Provide a path to the configuration file
#[clap(short, long, value_name = "FILE")]
config: Option<String>,
#[clap(subcommand)]
command: Option<Command>,
}
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
#[derive(Debug, Deserialize, Serialize)]
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
#[serde(deny_unknown_fields, untagged)]
enum AddrType {
IpAddr(IpAddr),
IpNet(IpNet),
}
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
impl AddrType {
fn matches(&self, client_ip: &IpAddr) -> bool {
match self {
AddrType::IpAddr(addr) => addr == client_ip,
AddrType::IpNet(net) => net.contains(client_ip),
}
}
}
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
#[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields, rename_all = "lowercase")]
enum IpFilter {
Allow(Vec<AddrType>),
Deny(Vec<AddrType>),
}
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
impl IpFilter {
fn validate(&self, client_ip: &IpAddr) -> bool {
match self {
IpFilter::Allow(list) => list.iter().any(|i| i.matches(client_ip)),
IpFilter::Deny(list) => !list.iter().any(|i| i.matches(client_ip)),
}
}
}
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
#[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields)]
struct Config {
hooks: HashMap<String, Hook>,
}
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
#[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields)]
struct JsonFilter {
pointer: String,
regex: String,
}
impl JsonFilter {
fn evaluate(&self, data: &serde_json::Value) -> Result<bool, WebhookeyError> {
trace!(
"Matching `{}` on `{}` from received json",
&self.regex,
&self.pointer,
);
let regex = Regex::new(&self.regex).map_err(WebhookeyError::Regex)?;
if let Some(value) = data.pointer(&self.pointer) {
let value = get_string(value)?;
if regex.is_match(&value) {
debug!("Regex `{}` for `{}` matches", &self.regex, &self.pointer);
return Ok(true);
}
}
debug!(
"Regex `{}` for `{}` does not match",
&self.regex, &self.pointer
);
Ok(false)
}
}
#[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields, rename_all = "lowercase")]
enum FilterType {
And(Vec<FilterType>),
Or(Vec<FilterType>),
#[serde(rename = "json")]
JsonFilter(JsonFilter),
}
impl FilterType {
fn evaluate(
&self,
request: &Request,
data: &serde_json::Value,
) -> Result<bool, WebhookeyError> {
match self {
FilterType::And(filters) => {
let (results, errors): (Vec<_>, Vec<_>) = filters
.iter()
.map(|filter| filter.evaluate(request, data))
.partition(Result::is_ok);
if errors.is_empty() {
Ok(results.iter().all(|r| *r.as_ref().unwrap())) // should never fail
} else {
errors.iter().for_each(|e| {
error!("Could not evaluate Filter: {}", e.as_ref().unwrap_err())
});
Err(WebhookeyError::InvalidFilter)
}
}
FilterType::Or(filters) => {
let (results, errors): (Vec<_>, Vec<_>) = filters
.iter()
.map(|filter| filter.evaluate(request, data))
.partition(Result::is_ok);
if errors.is_empty() {
Ok(results.iter().any(|r| *r.as_ref().unwrap())) // should never fail
} else {
errors.iter().for_each(|e| {
error!("Could not evaluate Filter: {}", e.as_ref().unwrap_err())
});
Err(WebhookeyError::InvalidFilter)
}
}
FilterType::JsonFilter(filter) => filter.evaluate(data),
}
}
}
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
#[derive(Debug, Deserialize, Serialize)]
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
#[serde(deny_unknown_fields)]
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
struct Hook {
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
command: String,
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
signature: String,
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
ip_filter: Option<IpFilter>,
Implement secret functionality In order to validate requests a field called `secret` has to be sent containing a secret key which validates the request. A hook will be executed only if the secret sent with the request matches the hook's secret.
2021-03-19 10:16:46 +01:00
secrets: Vec<String>,
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
filter: FilterType,
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
impl Hook {
fn get_command(
&self,
hook_name: &str,
request: &Request,
data: &mut serde_json::Value,
) -> Result<String> {
trace!("Replacing parameters for command of hook `{}`", hook_name);
for parameter in get_parameter(&self.command)? {
let parameter = parameter.trim();
if let Some(json_value) = data.pointer(parameter) {
*data.pointer_mut(parameter).ok_or_else(|| {
WebhookeyError::InvalidParameterPointer(parameter.to_string())
})? = serde_json::Value::String(get_string(json_value)?);
}
}
Fix clippy warnings
2021-06-30 23:52:19 +02:00
replace_parameters(&self.command, request.headers(), data)
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
}
Split `from_data()` up in smaller pieces To still be able to handle errors correctly, also regarding the http status code, `thiserror::Error` is used.
2021-04-03 01:10:50 +02:00
}
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
#[derive(Debug)]
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
struct Hooks {
inner: HashMap<String, String>,
}
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
impl Hooks {
fn get_commands(request: &Request, data: Data) -> Result<Self, WebhookeyError> {
let mut buffer = Vec::new();
let size = data
.open()
.read_to_end(&mut buffer)
.map_err(WebhookeyError::Io)?;
info!("Data of size {} received", size);
let config = request.guard::<State<Config>>().unwrap(); // should never fail
let mut valid = false;
let mut result = HashMap::new();
let client_ip = &request
.client_ip()
.unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
let hooks = config.hooks.iter().filter(|(name, hook)| {
if let Some(ip) = &hook.ip_filter {
Fix clippy warnings
2021-06-30 23:52:19 +02:00
accept_ip(name, client_ip, ip)
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
} else {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
info!(
"Allow hook `{}` from {}, no IP filter was configured",
&name, &client_ip
);
true
}
});
for (hook_name, hook) in hooks {
let signature = request
.headers()
.get_one(&hook.signature)
.ok_or(WebhookeyError::InvalidSignature)?;
let secrets = hook
.secrets
.iter()
Fix clippy warnings
2021-06-30 23:52:19 +02:00
.map(|secret| validate_request(secret, signature, &buffer));
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
for secret in secrets {
match secret {
Ok(()) => {
trace!("Valid signature found for hook `{}`", hook_name);
valid = true;
let mut data: serde_json::Value =
serde_json::from_slice(&buffer).map_err(WebhookeyError::Serde)?;
match hook.filter.evaluate(request, &data) {
Fix clippy warnings
2021-06-30 23:52:19 +02:00
Ok(true) => match hook.get_command(hook_name, request, &mut data) {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Ok(command) => {
info!("Filter for `{}` matched", &hook_name);
result.insert(hook_name.to_string(), command);
break;
}
Err(e) => error!("{}", e),
},
Ok(false) => info!("Filter for `{}` did not match", &hook_name),
Err(error) => {
error!("Could not match filter for `{}`: {}", &hook_name, error)
}
}
}
Err(e) => trace!("Hook `{}` could not validate request: {}", &hook_name, e),
}
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
if !valid {
return Err(WebhookeyError::Unauthorized(*client_ip));
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Ok(Hooks { inner: result })
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
}
}
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
impl FromDataSimple for Hooks {
type Error = WebhookeyError;
fn from_data(request: &Request, data: Data) -> data::Outcome<Self, Self::Error> {
Fix clippy warnings
2021-06-30 23:52:19 +02:00
match Hooks::get_commands(request, data) {
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
Ok(hooks) => {
if hooks.inner.is_empty() {
let client_ip = &request
.client_ip()
.unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
warn!("Unmatched hook from {}", &client_ip);
return Failure((Status::NotFound, WebhookeyError::UnmatchedHook(*client_ip)));
}
Success(hooks)
}
Err(WebhookeyError::Unauthorized(e)) => {
error!("{}", WebhookeyError::Unauthorized(e));
Failure((Status::Unauthorized, WebhookeyError::Unauthorized(e)))
}
Err(e) => {
error!("{}", e);
Failure((Status::BadRequest, e))
}
}
}
}
fn accept_ip(hook_name: &str, client_ip: &IpAddr, ip: &IpFilter) -> bool {
if ip.validate(client_ip) {
info!("Allow hook `{}` from {}", &hook_name, &client_ip);
return true;
}
warn!("Deny hook `{}` from {}", &hook_name, &client_ip);
false
}
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
fn validate_request(secret: &str, signature: &str, data: &[u8]) -> Result<()> {
Fix clippy warnings
2021-06-30 23:52:19 +02:00
let mut mac = Hmac::<Sha256>::new_varkey(secret.as_bytes())
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
.map_err(|e| anyhow!("Could not create hasher with secret: {}", e))?;
Fix clippy warnings
2021-06-30 23:52:19 +02:00
mac.update(data);
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
let raw_signature = hex::decode(signature.as_bytes())?;
mac.verify(&raw_signature).map_err(|e| anyhow!("{}", e))
}
Enable command parser to parse all values To be able to parse other values than `serde_json::Value::String(String)` we parse the pointer parameters and replace all those values in the JSON data with strings.
2021-04-16 09:58:15 +02:00
fn get_parameter(input: &str) -> Result<Vec<&str>> {
let parse: IResult<&str, Vec<&str>> = many0(alt((
delimited(tag("{{"), take_until("}}"), tag("}}")),
take_until("{{"),
Fix clippy warnings
2021-06-30 23:52:19 +02:00
)))(input);
Enable command parser to parse all values To be able to parse other values than `serde_json::Value::String(String)` we parse the pointer parameters and replace all those values in the JSON data with strings.
2021-04-16 09:58:15 +02:00
let (_last, result) = parse
.finish()
.map_err(|e| anyhow!("Could not get parameters from command: {}", e))?;
Ok(result)
}
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
fn get_header_field<'a>(headers: &'a HeaderMap, param: &[&str]) -> Result<&'a str> {
headers
.get_one(
param
.get(1)
.ok_or_else(|| anyhow!("Missing parameter for `header` expression"))?,
)
.ok_or_else(|| anyhow!("Could not extract event parameter from header"))
}
fn get_value_from_pointer<'a>(data: &'a serde_json::Value, pointer: &'a str) -> Result<&'a str> {
let value = data
.pointer(pointer)
.ok_or_else(|| anyhow!("Could not get field from pointer {}", pointer))?;
value
.as_str()
.ok_or_else(|| anyhow!("Could not convert value `{}` to string", value))
}
fn replace_parameters(
input: &str,
headers: &HeaderMap,
data: &serde_json::Value,
) -> Result<String> {
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
let parse: IResult<&str, Vec<&str>> = many0(alt((
map_res(
delimited(tag("{{"), take_until("}}"), tag("}}")),
Arbitrary header fields in commands Adopt the parser to be able to parse header fields.
2021-03-30 01:16:15 +02:00
|param: &str| {
let expr = param.trim().split(' ').collect::<Vec<&str>>();
match expr.get(0) {
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
Some(&"header") => get_header_field(headers, &expr),
Fix clippy warnings
2021-06-30 23:52:19 +02:00
Some(pointer) => get_value_from_pointer(data, pointer),
Arbitrary header fields in commands Adopt the parser to be able to parse header fields.
2021-03-30 01:16:15 +02:00
None => bail!("Missing expression in `{}`", input),
}
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
},
),
take_until("{{"),
)))(input);
let (last, mut result) = parse
.finish()
.map_err(|e| anyhow!("Could not parse command: {}", e))?;
result.push(last);
Ok(result.join(""))
}
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
fn get_string(value: &serde_json::Value) -> Result<String, WebhookeyError> {
Enable command parser to parse all values To be able to parse other values than `serde_json::Value::String(String)` we parse the pointer parameters and replace all those values in the JSON data with strings.
2021-04-16 09:58:15 +02:00
match &value {
Support matching boolean values with regex
2021-04-22 11:52:02 +02:00
serde_json::Value::Bool(bool) => Ok(bool.to_string()),
Enable command parser to parse all values To be able to parse other values than `serde_json::Value::String(String)` we parse the pointer parameters and replace all those values in the JSON data with strings.
2021-04-16 09:58:15 +02:00
serde_json::Value::Number(number) => Ok(number.to_string()),
serde_json::Value::String(string) => Ok(string.as_str().to_string()),
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
x => {
error!("Could not get string from: {:?}", x);
unimplemented!()
}
Fix matching numbers against the regex Still, `Null`, `Bool`, `Array` and `Object` types are unmatchable. Work TBD...
2021-04-13 16:55:13 +02:00
}
}
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
#[post("/", format = "json", data = "<hooks>")]
fn receive_hook<'a>(address: SocketAddr, hooks: Hooks) -> Result<Response<'a>> {
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
info!("Post request received from: {}", address);
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
hooks.inner.iter().for_each(|(name, command)| {
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
info!("Execute `{}` from hook `{}`", &command, &name);
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
Fix clippy warnings
2021-06-30 23:52:19 +02:00
match run_script::run(command, &vec![], &ScriptOptions::new()) {
Fix execution of scripts For better script and argument support `run_script` is used instead of `process::Command`.
2021-04-16 17:42:40 +02:00
Ok((status, stdout, stderr)) => {
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
info!("Command `{}` exited with return code: {}", &command, status);
trace!("Output of command `{}` on stdout: {:?}", &command, &stdout);
debug!("Output of command `{}` on stderr: {:?}", &command, &stderr);
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
}
Err(e) => {
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
error!("Execution of `{}` failed: {}", &command, e);
Implement secret functionality In order to validate requests a field called `secret` has to be sent containing a secret key which validates the request. A hook will be executed only if the secret sent with the request matches the hook's secret.
2021-03-19 10:16:46 +01:00
}
}
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
});
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
Ok(Response::new())
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
}
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
fn get_config() -> Result<File> {
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
// Look for config in CWD..
if let Ok(config) = File::open("config.yml") {
info!("Loading configuration from `./config.yml`");
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
return Ok(config);
}
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
// ..look for user path config..
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
if let Some(mut path) = dirs::config_dir() {
path.push("webhookey/config.yml");
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
if let Ok(config) = File::open(&path) {
info!(
"Loading configuration from `{}`",
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
path.to_str().unwrap_or("<path unprintable>"),
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
);
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
return Ok(config);
}
}
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
// ..look for systemwide config..
if let Ok(config) = File::open("/etc/webhookey/config.yml") {
info!("Loading configuration from `/etc/webhookey/config.yml`");
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
return Ok(config);
}
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
// ..you had your chance.
Arbitrary header fields in commands Adopt the parser to be able to parse header fields.
2021-03-30 01:16:15 +02:00
bail!("No configuration file found.");
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
}
fn main() -> Result<()> {
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
env_logger::init();
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
let cli: Opts = Opts::parse();
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
let config: Config = match cli.config {
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
Some(config) => serde_yaml::from_reader(BufReader::new(File::open(config)?))?,
_ => serde_yaml::from_reader(BufReader::new(get_config()?))?,
};
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Implement proper logging The `log` and `env_logger` crates are used for logging.
2021-03-03 16:14:54 +01:00
trace!("Parsed configuration:\n{}", serde_yaml::to_string(&config)?);
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Better command line argument parsing Use structs and enums instead of builder style options.
2021-06-30 23:55:21 +02:00
if cli.command.is_some() {
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
debug!("Configtest succeded.");
println!("Config is OK");
Restructure and minor improvements In order to keep things together the code was restructured. Some small improvements such as clippy warnings and the validation of a hook in regards of the ip filter.
2021-06-02 03:35:43 +02:00
return Ok(());
Use clap for command line arguments To support command line arguments `clap` is used. This adds following argument `--config`/`-c` to provide a different path for the configurationf file and the subcommand `configtest` which parses and loads the configuration and exits.
2021-05-31 16:14:19 +02:00
}
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
rocket::ignite()
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
.mount("/", routes![receive_hook])
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
.attach(AdHoc::on_attach("webhookey config", move |rocket| {
Ok(rocket.manage(config))
}))
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
.launch();
Parse config file and act upon All dependencies were updated. An example configuration file `config.yml` is added to show the configuration options. Following locations are checked: - `/etc/webhookey/config.yml` - `<config_dir>/webhookey/config.yml` - `./config.yml` Whereas `<config_dir>` is depending on the platform: - Linux: `$XDG_CONFIG_HOME` or `$HOME/.config` - macOS: `$HOME/Library/Application Support` - Windows: `{FOLDERID_RoamingAppData}` Each hook's action is executed if all of the specified filters match.
2021-03-03 15:24:46 +01:00
Ok(())
Parse JSON from post request Accept a post request and try to parse it expecting the data is formated in JSON.
2021-02-02 11:05:50 +01:00
}
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
#[cfg(test)]
mod tests {
use super::*;
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
use rocket::{
http::{ContentType, Header},
local::Client,
};
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
use serde_json::json;
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
#[test]
fn secret() {
let mut hooks = HashMap::new();
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
hooks.insert(
"test_hook".to_string(),
Hook {
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
command: "".to_string(),
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
signature: "X-Gitea-Signature".to_string(),
Add optional `ip_filter` to hook config In order to allow or deny sources of requests the possibility to configure a list of allowed or denied IP addresses was added as described by the readme. Closes #3
2021-04-02 00:25:39 +02:00
ip_filter: None,
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
secrets: vec!["valid".to_string()],
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
filter: FilterType::JsonFilter(JsonFilter {
pointer: "*".to_string(),
regex: "*".to_string(),
}),
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
},
);
Support so called conjunction filters This introduces thee so called conjunction filters and therefore restructures the configuration file. The most obvious changes from an users perspective are that the `filters` field was renamed to `filter` and can, from now on, only support a single filter at first level. Thats why now different filter types are implemented, please consult the readme for further information on their usage. To reflect the changes the readme file is updated as well as the example config file contained in this repository. This is related to #8
2021-05-31 02:16:22 +02:00
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
let config = Config { hooks: hooks };
let rocket = rocket::ignite()
.mount("/", routes![receive_hook])
.attach(AdHoc::on_attach("webhookey config", move |rocket| {
Ok(rocket.manage(config))
}));
let client = Client::new(rocket).unwrap();
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new(
"X-Gitea-Signature",
"28175a0035f637f3cbb85afee9f9d319631580e7621cf790cd16ca063a2f820e",
))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.dispatch();
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
assert_eq!(response.status(), Status::NotFound);
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new("X-Gitea-Signature", "beef"))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.dispatch();
assert_eq!(response.status(), Status::Unauthorized);
let response = client
.post("/")
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
.header(Header::new(
"X-Gitea-Signature",
"c5c315d76318362ec129ca629b50b626bba09ad3d7ba4cc0f4c0afe4a90537a0",
))
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.body(r#"{ "not_secret": "invalid" "#)
.dispatch();
assert_eq!(response.status(), Status::BadRequest);
Breakup `from_data()` into smaller bits To improve readability and reduce indention levels some code was moved into their own functions. And a test case was added to the `secret()` test.
2021-03-29 02:19:30 +02:00
let response = client
.post("/")
.header(Header::new("X-Gitea-Signature", "foobar"))
.header(ContentType::JSON)
.remote("127.0.0.1:8000".parse().unwrap())
.dispatch();
assert_eq!(response.status(), Status::Unauthorized);
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
}
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
#[test]
fn parse_command() {
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
let mut map = HeaderMap::new();
map.add_raw("X-Gitea-Event", "something");
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters("command", &map, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command"
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(" command", &map, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command"
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters("command ", &map, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command "
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(" command ", &map, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command "
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters("command command ", &map, &serde_json::Value::Null).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"command command "
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters("{{ /foo }} command", &map, &json!({ "foo": "bar" })).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"bar command"
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(" command {{ /foo }} ", &map, &json!({ "foo": "bar" })).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command bar "
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
"{{ /foo }} command{{/field1/foo}}",
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
&map,
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
&json!({ "foo": "bar", "field1": { "foo": "baz" } })
)
.unwrap(),
"bar commandbaz"
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(" command {{ /foo }} ", &map, &json!({ "foo": "bar" })).unwrap(),
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" command bar "
);
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
" {{ /field1/foo }} command",
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
&map,
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
&json!({ "field1": { "foo": "bar" } })
)
.unwrap(),
" bar command"
);
Use signature field for verification Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
assert_eq!(
Update build deps and improve readability The ip filtering is improved as well as the replacing of parameters. The index page is removed.
2021-05-29 00:50:48 +02:00
replace_parameters(
Arbitrary header fields in commands Adopt the parser to be able to parse header fields.
2021-03-30 01:16:15 +02:00
" {{ header X-Gitea-Event }} command",
Restructuring of `from_data()` and configuration For better readability, correctness and maintainability the body (which is still rather large, though) was restructured. Regarding the signature, to be able to configure different fields in the HTTP header the configuration parameter signature was added.
2021-03-29 04:21:31 +02:00
&map,
&json!({ "field1": { "foo": "bar" } })
)
.unwrap(),
" something command"
);
Replace command parameters with values To create a minimalistic parser, nom is used to identify and replace parameters given in the command field. For clarity the `action` field for hooks was renamed to `command`.
2021-03-21 15:51:58 +01:00
}
Improve secret handling and add tests Instead of a string `receive_hook` returns a `Response` now. Some rudimentary tests were added.
2021-03-20 00:12:01 +01:00
}
Reference in a new issue Copy permalink