2021-02-02 11:05:50 +01:00
|
|
|
#![feature(proc_macro_hygiene, decl_macro)]
|
|
|
|
|
2021-03-03 15:24:46 +01:00
|
|
|
use anyhow::{anyhow, bail, Result};
|
2021-03-28 03:50:52 +02:00
|
|
|
use hmac::{Hmac, Mac, NewMac};
|
2021-04-02 00:25:39 +02:00
|
|
|
use ipnet::IpNet;
|
2021-03-28 03:50:52 +02:00
|
|
|
use log::{debug, error, info, trace, warn};
|
2021-03-21 15:51:58 +01:00
|
|
|
use nom::{
|
|
|
|
branch::alt,
|
|
|
|
bytes::complete::{tag, take_until},
|
|
|
|
combinator::map_res,
|
|
|
|
multi::many0,
|
|
|
|
sequence::delimited,
|
|
|
|
Finish, IResult,
|
|
|
|
};
|
2021-03-03 15:24:46 +01:00
|
|
|
use regex::Regex;
|
2021-03-28 03:50:52 +02:00
|
|
|
use rocket::{
|
|
|
|
data::{self, FromDataSimple},
|
|
|
|
fairing::AdHoc,
|
|
|
|
get,
|
|
|
|
http::{HeaderMap, Status},
|
|
|
|
post, routes, Data,
|
|
|
|
Outcome::{Failure, Success},
|
|
|
|
Request, Response, State,
|
|
|
|
};
|
2021-02-02 11:05:50 +01:00
|
|
|
use serde::{Deserialize, Serialize};
|
2021-03-28 03:50:52 +02:00
|
|
|
use sha2::Sha256;
|
2021-02-02 11:05:50 +01:00
|
|
|
|
2021-03-22 11:12:45 +01:00
|
|
|
use std::{
|
2021-03-28 03:50:52 +02:00
|
|
|
collections::HashMap,
|
|
|
|
fs::File,
|
|
|
|
io::{BufReader, Read},
|
2021-04-02 00:25:39 +02:00
|
|
|
net::{IpAddr, Ipv4Addr, SocketAddr},
|
2021-03-28 03:50:52 +02:00
|
|
|
process::Command,
|
2021-03-22 11:12:45 +01:00
|
|
|
str::from_utf8,
|
|
|
|
};
|
2021-03-03 15:24:46 +01:00
|
|
|
|
|
|
|
#[derive(Debug, Deserialize, Serialize)]
|
2021-04-02 00:25:39 +02:00
|
|
|
#[serde(deny_unknown_fields, untagged)]
|
|
|
|
enum AddrType {
|
|
|
|
IpAddr(IpAddr),
|
|
|
|
IpNet(IpNet),
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize, Serialize)]
|
|
|
|
#[serde(deny_unknown_fields, rename_all = "lowercase")]
|
|
|
|
enum IpFilter {
|
|
|
|
Allow(Vec<AddrType>),
|
|
|
|
Deny(Vec<AddrType>),
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize, Serialize)]
|
|
|
|
#[serde(deny_unknown_fields)]
|
2021-03-03 15:24:46 +01:00
|
|
|
struct Config {
|
|
|
|
hooks: HashMap<String, Hook>,
|
|
|
|
}
|
|
|
|
|
2021-02-02 11:05:50 +01:00
|
|
|
#[derive(Debug, Deserialize, Serialize)]
|
2021-04-02 00:25:39 +02:00
|
|
|
#[serde(deny_unknown_fields)]
|
2021-03-03 15:24:46 +01:00
|
|
|
struct Hook {
|
2021-03-28 03:50:52 +02:00
|
|
|
command: String,
|
2021-03-29 04:21:31 +02:00
|
|
|
signature: String,
|
2021-04-02 00:25:39 +02:00
|
|
|
ip_filter: Option<IpFilter>,
|
2021-03-19 10:16:46 +01:00
|
|
|
secrets: Vec<String>,
|
2021-03-03 15:24:46 +01:00
|
|
|
filters: HashMap<String, Filter>,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize, Serialize)]
|
2021-04-02 00:25:39 +02:00
|
|
|
#[serde(deny_unknown_fields)]
|
2021-03-03 15:24:46 +01:00
|
|
|
struct Filter {
|
|
|
|
pointer: String,
|
|
|
|
regex: String,
|
|
|
|
}
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
#[derive(Debug)]
|
2021-03-29 04:21:31 +02:00
|
|
|
struct Hooks(HashMap<String, String>);
|
2021-02-02 11:05:50 +01:00
|
|
|
|
2021-04-02 00:25:39 +02:00
|
|
|
fn accepted_ip(hook_name: &str, client_ip: &IpAddr, ip_filter: &Option<IpFilter>) -> bool {
|
|
|
|
match ip_filter {
|
|
|
|
Some(IpFilter::Allow(list)) => {
|
|
|
|
for i in list {
|
|
|
|
match i {
|
|
|
|
AddrType::IpAddr(addr) => {
|
|
|
|
if addr == client_ip {
|
|
|
|
info!("Allow hook `{}` from {}", &hook_name, &addr);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
AddrType::IpNet(net) => {
|
|
|
|
if net.contains(client_ip) {
|
|
|
|
info!("Allow hook `{}` from {}", &hook_name, &net);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
warn!("Deny hook `{}` from {}", &hook_name, &client_ip);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
Some(IpFilter::Deny(list)) => {
|
|
|
|
for i in list {
|
|
|
|
match i {
|
|
|
|
AddrType::IpAddr(addr) => {
|
|
|
|
if addr == client_ip {
|
|
|
|
warn!("Deny hook `{}` from {}", &hook_name, &addr);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
AddrType::IpNet(net) => {
|
|
|
|
if net.contains(client_ip) {
|
|
|
|
warn!("Deny hook `{}` from {}", &hook_name, &net);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
info!("Allow hook `{}` from {}", &hook_name, &client_ip)
|
|
|
|
}
|
|
|
|
None => info!(
|
|
|
|
"Allow hook `{}` from {} as no IP filter was configured",
|
|
|
|
&hook_name, &client_ip
|
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
true
|
|
|
|
}
|
|
|
|
|
2021-03-29 02:19:30 +02:00
|
|
|
fn validate_request(secret: &str, signature: &str, data: &[u8]) -> Result<()> {
|
|
|
|
let mut mac = Hmac::<Sha256>::new_varkey(&secret.as_bytes())
|
|
|
|
.map_err(|e| anyhow!("Could not create hasher with secret: {}", e))?;
|
|
|
|
mac.update(&data);
|
|
|
|
let raw_signature = hex::decode(signature.as_bytes())?;
|
|
|
|
mac.verify(&raw_signature).map_err(|e| anyhow!("{}", e))
|
|
|
|
}
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
fn replace_parameter(input: &str, headers: &HeaderMap, data: &serde_json::Value) -> Result<String> {
|
2021-03-21 15:51:58 +01:00
|
|
|
let parse: IResult<&str, Vec<&str>> = many0(alt((
|
|
|
|
map_res(
|
|
|
|
delimited(tag("{{"), take_until("}}"), tag("}}")),
|
2021-03-30 01:16:15 +02:00
|
|
|
|param: &str| {
|
|
|
|
let expr = param.trim().split(' ').collect::<Vec<&str>>();
|
|
|
|
|
|
|
|
match expr.get(0) {
|
|
|
|
Some(&"header") => {
|
|
|
|
if let Some(field) = expr.get(1) {
|
|
|
|
match headers.get_one(field) {
|
|
|
|
Some(value) => Ok(value),
|
|
|
|
_ => bail!("Could not extract event parameter from header"),
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
bail!("Missing parameter for `header` expression");
|
|
|
|
}
|
2021-03-21 15:51:58 +01:00
|
|
|
}
|
2021-03-30 01:16:15 +02:00
|
|
|
Some(pointer) => match data.pointer(pointer) {
|
|
|
|
Some(value) => match value.as_str() {
|
|
|
|
Some(value) => Ok(value),
|
|
|
|
_ => bail!("Could not convert value `{}` to string", value),
|
|
|
|
},
|
|
|
|
_ => bail!("Could not convert field `{}` to string", param.trim()),
|
2021-03-28 03:50:52 +02:00
|
|
|
},
|
2021-03-30 01:16:15 +02:00
|
|
|
None => bail!("Missing expression in `{}`", input),
|
|
|
|
}
|
2021-03-21 15:51:58 +01:00
|
|
|
},
|
|
|
|
),
|
|
|
|
take_until("{{"),
|
|
|
|
)))(input);
|
|
|
|
|
|
|
|
let (last, mut result) = parse
|
|
|
|
.finish()
|
|
|
|
.map_err(|e| anyhow!("Could not parse command: {}", e))?;
|
|
|
|
result.push(last);
|
|
|
|
|
|
|
|
Ok(result.join(""))
|
|
|
|
}
|
|
|
|
|
2021-03-29 02:19:30 +02:00
|
|
|
fn filter_match(
|
|
|
|
hook_name: &str,
|
|
|
|
hook: &Hook,
|
|
|
|
filter_name: &str,
|
|
|
|
filter: &Filter,
|
|
|
|
request: &Request,
|
|
|
|
data: &serde_json::Value,
|
|
|
|
) -> Result<Option<String>> {
|
|
|
|
trace!("Matching filter `{}` of hook `{}`", filter_name, hook_name);
|
|
|
|
|
|
|
|
let regex = Regex::new(&filter.regex)?;
|
|
|
|
|
|
|
|
if let Some(value) = data.pointer(&filter.pointer) {
|
|
|
|
if let Some(value) = value.as_str() {
|
|
|
|
if regex.is_match(value) {
|
|
|
|
debug!("Filter `{}` of hook `{}` matched", filter_name, hook_name);
|
|
|
|
|
|
|
|
return Ok(Some(replace_parameter(
|
|
|
|
&hook.command.to_string(),
|
|
|
|
&request.headers(),
|
|
|
|
data,
|
|
|
|
)?));
|
|
|
|
}
|
|
|
|
} else {
|
2021-03-29 04:21:31 +02:00
|
|
|
bail!(
|
2021-03-29 02:19:30 +02:00
|
|
|
"Could not parse pointer in hook `{}` from filter `{}`",
|
|
|
|
hook_name,
|
|
|
|
filter_name
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
trace!(
|
|
|
|
"Filter `{}` of hook `{}` did not match",
|
|
|
|
filter_name,
|
|
|
|
hook_name
|
|
|
|
);
|
|
|
|
|
|
|
|
Ok(None)
|
|
|
|
}
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
impl FromDataSimple for Hooks {
|
|
|
|
type Error = anyhow::Error;
|
2021-03-03 15:24:46 +01:00
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
fn from_data(request: &Request, data: Data) -> data::Outcome<Self, Self::Error> {
|
2021-03-29 04:21:31 +02:00
|
|
|
let mut buffer = Vec::new();
|
|
|
|
match data.open().read_to_end(&mut buffer) {
|
|
|
|
Ok(size) => info!("Data of size {} received", size),
|
|
|
|
Err(e) => {
|
|
|
|
error!("Could not read to end of data: {}", &e);
|
|
|
|
return Failure((
|
|
|
|
Status::BadRequest,
|
|
|
|
anyhow!("Could not read to end of data: {}", &e),
|
|
|
|
));
|
2021-03-03 15:24:46 +01:00
|
|
|
}
|
2021-03-29 04:21:31 +02:00
|
|
|
}
|
2021-03-03 15:24:46 +01:00
|
|
|
|
2021-03-29 04:21:31 +02:00
|
|
|
let config = request.guard::<State<Config>>().unwrap(); // should never fail
|
|
|
|
let mut valid = false;
|
|
|
|
let mut hooks = HashMap::new();
|
2021-04-02 00:25:39 +02:00
|
|
|
let client_ip = &request
|
|
|
|
.client_ip()
|
|
|
|
.unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
|
2021-03-28 03:50:52 +02:00
|
|
|
|
2021-03-29 04:21:31 +02:00
|
|
|
for (hook_name, hook) in &config.hooks {
|
2021-04-02 00:25:39 +02:00
|
|
|
if accepted_ip(&hook_name, &client_ip, &hook.ip_filter) {
|
|
|
|
if let Some(signature) = request.headers().get_one(&hook.signature) {
|
|
|
|
for secret in &hook.secrets {
|
|
|
|
match validate_request(&secret, &signature, &buffer) {
|
|
|
|
Ok(()) => {
|
|
|
|
trace!("Valid signature found for hook `{}`", hook_name,);
|
|
|
|
|
|
|
|
valid = true;
|
|
|
|
|
|
|
|
let data: serde_json::Value = match serde_json::from_slice(&buffer)
|
|
|
|
{
|
|
|
|
Ok(data) => data,
|
|
|
|
Err(e) => {
|
|
|
|
error!("Could not parse json: {}", e);
|
|
|
|
return Failure((
|
|
|
|
Status::BadRequest,
|
|
|
|
anyhow!("Could not parse json: {}", e),
|
|
|
|
));
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
for (filter_name, filter) in &hook.filters {
|
|
|
|
match filter_match(
|
|
|
|
&hook_name,
|
|
|
|
&hook,
|
|
|
|
&filter_name,
|
|
|
|
&filter,
|
|
|
|
&request,
|
|
|
|
&data,
|
|
|
|
) {
|
|
|
|
Ok(Some(command)) => {
|
|
|
|
hooks.insert(hook_name.to_string(), command);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
Ok(None) => {}
|
|
|
|
Err(e) => error!("{}", e),
|
2021-03-29 04:21:31 +02:00
|
|
|
}
|
2021-03-28 03:50:52 +02:00
|
|
|
}
|
|
|
|
}
|
2021-04-02 00:25:39 +02:00
|
|
|
Err(e) => {
|
|
|
|
warn!("Hook `{}` could not validate request: {}", &hook_name, e);
|
|
|
|
}
|
2021-03-28 03:50:52 +02:00
|
|
|
}
|
|
|
|
}
|
2021-04-02 00:25:39 +02:00
|
|
|
} else {
|
|
|
|
error!("Could not extract signature from header");
|
|
|
|
return Failure((
|
|
|
|
Status::BadRequest,
|
|
|
|
anyhow!("Could not extract signature from header"),
|
|
|
|
));
|
2021-03-28 03:50:52 +02:00
|
|
|
}
|
|
|
|
}
|
2021-03-29 04:21:31 +02:00
|
|
|
}
|
2021-03-17 13:40:08 +01:00
|
|
|
|
2021-03-29 04:21:31 +02:00
|
|
|
if hooks.is_empty() {
|
|
|
|
if valid {
|
2021-04-02 00:25:39 +02:00
|
|
|
warn!("Unmatched hook from {}", &client_ip);
|
2021-03-29 04:21:31 +02:00
|
|
|
return Failure((
|
|
|
|
Status::NotFound,
|
2021-04-02 00:25:39 +02:00
|
|
|
anyhow!("Unmatched hook from {}", &client_ip),
|
2021-03-29 04:21:31 +02:00
|
|
|
));
|
2021-03-28 03:50:52 +02:00
|
|
|
} else {
|
2021-04-02 00:25:39 +02:00
|
|
|
error!("Unauthorized request from {}", &client_ip);
|
2021-03-29 04:21:31 +02:00
|
|
|
return Failure((
|
|
|
|
Status::Unauthorized,
|
2021-04-02 00:25:39 +02:00
|
|
|
anyhow!("Unauthorized request from {}", &client_ip),
|
2021-03-29 04:21:31 +02:00
|
|
|
));
|
2021-03-28 03:50:52 +02:00
|
|
|
}
|
|
|
|
}
|
2021-03-29 04:21:31 +02:00
|
|
|
|
|
|
|
Success(Hooks(hooks))
|
2021-03-03 15:24:46 +01:00
|
|
|
}
|
2021-03-28 03:50:52 +02:00
|
|
|
}
|
2021-03-03 15:24:46 +01:00
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
#[get("/")]
|
|
|
|
fn index() -> &'static str {
|
|
|
|
"Hello, webhookey!"
|
2021-03-03 15:24:46 +01:00
|
|
|
}
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
#[post("/", format = "json", data = "<hooks>")]
|
|
|
|
fn receive_hook<'a>(address: SocketAddr, hooks: Hooks) -> Result<Response<'a>> {
|
2021-03-20 00:12:01 +01:00
|
|
|
info!("Post request received from: {}", address);
|
2021-03-03 16:14:54 +01:00
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
for hook in hooks.0 {
|
2021-03-29 04:21:31 +02:00
|
|
|
info!("Execute `{}` from hook `{}`", &hook.1, &hook.0);
|
|
|
|
|
|
|
|
let command = hook.1.split(' ').collect::<Vec<&str>>();
|
|
|
|
match Command::new(&command[0]).args(&command[1..]).output() {
|
|
|
|
Ok(executed) => {
|
|
|
|
info!(
|
|
|
|
"Command `{}` exited with return code: {}",
|
|
|
|
&command[0], &executed.status
|
|
|
|
);
|
|
|
|
trace!(
|
|
|
|
"Output of command `{}` on stdout: {:?}",
|
|
|
|
&command[0],
|
|
|
|
from_utf8(&executed.stdout)?
|
|
|
|
);
|
|
|
|
debug!(
|
|
|
|
"Output of command `{}` on stderr: {:?}",
|
|
|
|
&command[0],
|
|
|
|
from_utf8(&executed.stderr)?
|
|
|
|
);
|
|
|
|
}
|
|
|
|
Err(e) => {
|
|
|
|
error!("Execution of `{}` failed: {}", command[0], e);
|
2021-03-19 10:16:46 +01:00
|
|
|
}
|
|
|
|
}
|
2021-03-03 15:24:46 +01:00
|
|
|
}
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
Ok(Response::new())
|
2021-02-02 11:05:50 +01:00
|
|
|
}
|
|
|
|
|
2021-03-03 15:24:46 +01:00
|
|
|
fn get_config() -> Result<File> {
|
|
|
|
if let Ok(config) = File::open("/etc/webhookey/config.yml") {
|
2021-03-03 16:14:54 +01:00
|
|
|
info!("Loading configuration from `/etc/webhookey/config.yml`");
|
|
|
|
|
2021-03-03 15:24:46 +01:00
|
|
|
return Ok(config);
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Some(mut path) = dirs::config_dir() {
|
|
|
|
path.push("webhookey/config.yml");
|
|
|
|
|
2021-03-03 16:14:54 +01:00
|
|
|
if let Ok(config) = File::open(&path) {
|
|
|
|
info!(
|
|
|
|
"Loading configuration from `{}`",
|
2021-03-21 15:51:58 +01:00
|
|
|
path.to_str().unwrap_or("<path unprintable>"),
|
2021-03-03 16:14:54 +01:00
|
|
|
);
|
|
|
|
|
2021-03-03 15:24:46 +01:00
|
|
|
return Ok(config);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Ok(config) = File::open("config.yml") {
|
2021-03-03 16:14:54 +01:00
|
|
|
info!("Loading configuration from `./config.yml`");
|
|
|
|
|
2021-03-03 15:24:46 +01:00
|
|
|
return Ok(config);
|
|
|
|
}
|
|
|
|
|
2021-03-30 01:16:15 +02:00
|
|
|
bail!("No configuration file found.");
|
2021-03-03 15:24:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
fn main() -> Result<()> {
|
2021-03-03 16:14:54 +01:00
|
|
|
env_logger::init();
|
|
|
|
|
2021-03-20 00:12:01 +01:00
|
|
|
let config: Config = serde_yaml::from_reader(BufReader::new(get_config()?))?;
|
2021-03-03 15:24:46 +01:00
|
|
|
|
2021-03-03 16:14:54 +01:00
|
|
|
trace!("Parsed configuration:\n{}", serde_yaml::to_string(&config)?);
|
2021-03-03 15:24:46 +01:00
|
|
|
|
2021-02-02 11:05:50 +01:00
|
|
|
rocket::ignite()
|
|
|
|
.mount("/", routes![index, receive_hook])
|
2021-03-03 15:24:46 +01:00
|
|
|
.attach(AdHoc::on_attach("webhookey config", move |rocket| {
|
|
|
|
Ok(rocket.manage(config))
|
|
|
|
}))
|
2021-02-02 11:05:50 +01:00
|
|
|
.launch();
|
2021-03-03 15:24:46 +01:00
|
|
|
|
|
|
|
Ok(())
|
2021-02-02 11:05:50 +01:00
|
|
|
}
|
2021-03-20 00:12:01 +01:00
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests {
|
|
|
|
use super::*;
|
2021-03-28 03:50:52 +02:00
|
|
|
use rocket::{
|
|
|
|
http::{ContentType, Header},
|
|
|
|
local::Client,
|
|
|
|
};
|
2021-03-21 15:51:58 +01:00
|
|
|
use serde_json::json;
|
2021-03-20 00:12:01 +01:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn index() {
|
|
|
|
let rocket = rocket::ignite().mount("/", routes![index]);
|
|
|
|
|
|
|
|
let client = Client::new(rocket).unwrap();
|
|
|
|
let mut response = client.get("/").dispatch();
|
|
|
|
|
|
|
|
assert_eq!(response.status(), Status::Ok);
|
|
|
|
assert_eq!(response.body_string(), Some("Hello, webhookey!".into()));
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn secret() {
|
|
|
|
let mut hooks = HashMap::new();
|
|
|
|
hooks.insert(
|
|
|
|
"test_hook".to_string(),
|
|
|
|
Hook {
|
2021-03-28 03:50:52 +02:00
|
|
|
command: "".to_string(),
|
2021-03-29 04:21:31 +02:00
|
|
|
signature: "X-Gitea-Signature".to_string(),
|
2021-04-02 00:25:39 +02:00
|
|
|
ip_filter: None,
|
2021-03-20 00:12:01 +01:00
|
|
|
secrets: vec!["valid".to_string()],
|
|
|
|
filters: HashMap::new(),
|
|
|
|
},
|
|
|
|
);
|
|
|
|
let config = Config { hooks: hooks };
|
|
|
|
|
|
|
|
let rocket = rocket::ignite()
|
|
|
|
.mount("/", routes![receive_hook])
|
|
|
|
.attach(AdHoc::on_attach("webhookey config", move |rocket| {
|
|
|
|
Ok(rocket.manage(config))
|
|
|
|
}));
|
|
|
|
|
|
|
|
let client = Client::new(rocket).unwrap();
|
|
|
|
let response = client
|
|
|
|
.post("/")
|
2021-03-28 03:50:52 +02:00
|
|
|
.header(Header::new(
|
|
|
|
"X-Gitea-Signature",
|
|
|
|
"28175a0035f637f3cbb85afee9f9d319631580e7621cf790cd16ca063a2f820e",
|
|
|
|
))
|
2021-03-20 00:12:01 +01:00
|
|
|
.header(ContentType::JSON)
|
|
|
|
.remote("127.0.0.1:8000".parse().unwrap())
|
2021-03-28 03:50:52 +02:00
|
|
|
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
|
2021-03-20 00:12:01 +01:00
|
|
|
.dispatch();
|
|
|
|
|
2021-03-28 03:50:52 +02:00
|
|
|
assert_eq!(response.status(), Status::NotFound);
|
2021-03-20 00:12:01 +01:00
|
|
|
|
|
|
|
let response = client
|
|
|
|
.post("/")
|
2021-03-28 03:50:52 +02:00
|
|
|
.header(Header::new("X-Gitea-Signature", "beef"))
|
2021-03-20 00:12:01 +01:00
|
|
|
.header(ContentType::JSON)
|
|
|
|
.remote("127.0.0.1:8000".parse().unwrap())
|
2021-03-28 03:50:52 +02:00
|
|
|
.body(&serde_json::to_string(&json!({ "foo": "bar" })).unwrap())
|
2021-03-20 00:12:01 +01:00
|
|
|
.dispatch();
|
|
|
|
|
|
|
|
assert_eq!(response.status(), Status::Unauthorized);
|
|
|
|
|
|
|
|
let response = client
|
|
|
|
.post("/")
|
2021-03-28 03:50:52 +02:00
|
|
|
.header(Header::new(
|
|
|
|
"X-Gitea-Signature",
|
|
|
|
"c5c315d76318362ec129ca629b50b626bba09ad3d7ba4cc0f4c0afe4a90537a0",
|
|
|
|
))
|
2021-03-20 00:12:01 +01:00
|
|
|
.header(ContentType::JSON)
|
|
|
|
.remote("127.0.0.1:8000".parse().unwrap())
|
|
|
|
.body(r#"{ "not_secret": "invalid" "#)
|
|
|
|
.dispatch();
|
|
|
|
|
|
|
|
assert_eq!(response.status(), Status::BadRequest);
|
2021-03-29 02:19:30 +02:00
|
|
|
|
|
|
|
let response = client
|
|
|
|
.post("/")
|
|
|
|
.header(Header::new("X-Gitea-Signature", "foobar"))
|
|
|
|
.header(ContentType::JSON)
|
|
|
|
.remote("127.0.0.1:8000".parse().unwrap())
|
|
|
|
.dispatch();
|
|
|
|
|
|
|
|
assert_eq!(response.status(), Status::Unauthorized);
|
2021-03-20 00:12:01 +01:00
|
|
|
}
|
2021-03-21 15:51:58 +01:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn parse_command() {
|
2021-03-28 03:50:52 +02:00
|
|
|
let mut map = HeaderMap::new();
|
|
|
|
map.add_raw("X-Gitea-Event", "something");
|
|
|
|
|
2021-03-21 15:51:58 +01:00
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter("command", &map, &serde_json::Value::Null).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
"command"
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter(" command", &map, &serde_json::Value::Null).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
" command"
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter("command ", &map, &serde_json::Value::Null).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
"command "
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter(" command ", &map, &serde_json::Value::Null).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
" command "
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter("command command ", &map, &serde_json::Value::Null).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
"command command "
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter("{{ /foo }} command", &map, &json!({ "foo": "bar" })).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
"bar command"
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter(" command {{ /foo }} ", &map, &json!({ "foo": "bar" })).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
" command bar "
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
replace_parameter(
|
|
|
|
"{{ /foo }} command{{/field1/foo}}",
|
2021-03-28 03:50:52 +02:00
|
|
|
&map,
|
2021-03-21 15:51:58 +01:00
|
|
|
&json!({ "foo": "bar", "field1": { "foo": "baz" } })
|
|
|
|
)
|
|
|
|
.unwrap(),
|
|
|
|
"bar commandbaz"
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
2021-03-28 03:50:52 +02:00
|
|
|
replace_parameter(" command {{ /foo }} ", &map, &json!({ "foo": "bar" })).unwrap(),
|
2021-03-21 15:51:58 +01:00
|
|
|
" command bar "
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
replace_parameter(
|
|
|
|
" {{ /field1/foo }} command",
|
2021-03-28 03:50:52 +02:00
|
|
|
&map,
|
2021-03-21 15:51:58 +01:00
|
|
|
&json!({ "field1": { "foo": "bar" } })
|
|
|
|
)
|
|
|
|
.unwrap(),
|
|
|
|
" bar command"
|
|
|
|
);
|
2021-03-28 03:50:52 +02:00
|
|
|
|
2021-03-29 04:21:31 +02:00
|
|
|
assert_eq!(
|
|
|
|
replace_parameter(
|
2021-03-30 01:16:15 +02:00
|
|
|
" {{ header X-Gitea-Event }} command",
|
2021-03-29 04:21:31 +02:00
|
|
|
&map,
|
|
|
|
&json!({ "field1": { "foo": "bar" } })
|
|
|
|
)
|
|
|
|
.unwrap(),
|
|
|
|
" something command"
|
|
|
|
);
|
2021-03-21 15:51:58 +01:00
|
|
|
}
|
2021-03-20 00:12:01 +01:00
|
|
|
}
|