finga/webhookey
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity

Support so called conjunction filters

Browse source 
This introduces thee so called conjunction filters and therefore
restructures the configuration file. The most obvious changes from an
users perspective are that the `filters` field was renamed to `filter`
and can, from now on, only support a single filter at first
level. Thats why now different filter types are implemented, please
consult the readme for further information on their usage.

To reflect the changes the readme file is updated as well as the
example config file contained in this repository.

This is related to #8
This commit is contained in:
finga 2021-05-31 02:16:22 +02:00
parent 891a8a70ae
commit 43b7fd5625
3 changed files with 185 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

62
README.md
View file

@ -1,6 +1,6 @@
# Webhookey
Webhookey is a webserver listening for requests as for example sent by
gitea's webhooks. Further, Webhookey allows you to specifiy rules
Webhookey is a web server listening for requests as for example sent by
gitea's webhooks. Further, Webhookey allows you to specify rules
which are matched against the data received to trigger certain
actions.
@ -15,7 +15,7 @@ Further, for Rocket we need to have the nightly toolchain installed:
```
### Build Webhookey
The webhookey project can be built for development:
The Webhookey project can be built for development:
``` sh
cargo b
```
@ -27,7 +27,7 @@ or for releasing:
### Install Webhookey
When a Rust toolchain installed you can also install Webhookey
directly without cloning it manualy:
directly without cloning it manually:
``` sh
cargo install --git https://git.onders.org/finga/webhookey.git webhookey
```
@ -51,7 +51,7 @@ you built.
Configuration syntax is YAML and it's paths as well as it's
configuration format is described in the following sections.
### Configuration paths
### Configuration Paths
Following locations are checked for a configuration file:
- `/etc/webhookey/config.yml`
- `<config_dir>/webhookey/config.yml`
@ -72,7 +72,7 @@ consists of the following fields:
source addresses or ranges.
- signature: Name of the HTTP header field containing the signature.
- secrets: List of secrets.
- filters: List of filters.
- filter: Tree of filters.
Example:
```yaml
@ -87,10 +87,18 @@ hooks:
secrets:
- secret_key_01
- secret_key_02
filters:
match_ref:
pointer: /ref
regex: refs/heads/master
filter:
or:
- json:
pointer: /ref
regex: refs/heads/master
- and:
- json:
pointer: /ref
regex: refs/heads/a_branch
- json:
pointer: /after
regex: f6e5fe4fe37df76629112d55cc210718b6a55e7e
```
##### Command
@ -137,17 +145,25 @@ Set the name of the HTTP header field containing the HMAC signature.
Configure a list of secrets to validate the hook.
##### Filter
Each filter must have following fields:
- pointer: pointer to the JSON field according to [RFC
6901](https://tools.ietf.org/html/rfc6901)
- regex: regular expression which has to match the field pointed to by
the pointer
Filter can be either a concrete filter or a conjunction
filter. Concrete filters return either true or false on specific
constraints. Conjunction filters contain lists of filters which are
evaluated and combined based on the type. The result is either used
for parent conjunction filters or, if at the root, used to decide if a
hook should be executed.
# TODOs
## Use `clap` to parse command line arguments
## Configure rocket via config.yml
## Security
### https support
basically supported, but related to "Configure rocket via config.yml".
### Authentication features
## Use proptest or quickcheck for tests of parsers
###### Conjunction Filters
Conjunction filters contain lists of other filters.
- `and`: Logical conjunction.
- `or`: Logical disjunction.
###### Concrete Filters
- `json`:
The `json` filter matches a regular expression on a field from the
received JSON data.
- pointer: Pointer to the JSON field according to [RFC
6901](https://tools.ietf.org/html/rfc6901).
- regex: Regular expression which has to match the field pointed to
by the pointer.