Compare commits

..

No commits in common. "testing" and "main" have entirely different histories.

6 changed files with 30 additions and 31 deletions

28
Cargo.lock generated
View file

@ -739,6 +739,12 @@ version = "0.2.146"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b" checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b"
[[package]]
name = "linked-hash-map"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
[[package]] [[package]]
name = "linux-raw-sys" name = "linux-raw-sys"
version = "0.3.8" version = "0.3.8"
@ -1301,15 +1307,14 @@ dependencies = [
[[package]] [[package]]
name = "serde_yaml" name = "serde_yaml"
version = "0.9.21" version = "0.8.26"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9d684e3ec7de3bf5466b32bd75303ac16f0736426e5a4e0d6e489559ce1249c" checksum = "578a7433b776b56a35785ed5ce9a7e777ac0598aac5a6dd1b4b18a307c7fc71b"
dependencies = [ dependencies = [
"indexmap", "indexmap",
"itoa",
"ryu", "ryu",
"serde", "serde",
"unsafe-libyaml", "yaml-rust",
] ]
[[package]] [[package]]
@ -1709,12 +1714,6 @@ version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
[[package]]
name = "unsafe-libyaml"
version = "0.2.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1865806a559042e51ab5414598446a5871b561d21b6764f2eabb0dd481d880a6"
[[package]] [[package]]
name = "untrusted" name = "untrusted"
version = "0.7.1" version = "0.7.1"
@ -1967,6 +1966,15 @@ dependencies = [
"memchr", "memchr",
] ]
[[package]]
name = "yaml-rust"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85"
dependencies = [
"linked-hash-map",
]
[[package]] [[package]]
name = "yansi" name = "yansi"
version = "0.5.1" version = "0.5.1"

View file

@ -25,7 +25,7 @@ run_script = "0.9"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
serde_regex = "1.1" serde_regex = "1.1"
serde_yaml = "0.9" serde_yaml = "0.8"
sha2 = "0.10" sha2 = "0.10"
thiserror = "1.0" thiserror = "1.0"

View file

@ -1,4 +1,4 @@
use crate::{filters::IpFilterWrapper, hooks::Hook}; use crate::{filters::IpFilter, hooks::Hook};
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use log::info; use log::info;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -8,14 +8,13 @@ use std::{collections::BTreeMap, fs::File};
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct MetricsConfig { pub struct MetricsConfig {
pub enabled: bool, pub enabled: bool,
pub ip_filter: Option<IpFilterWrapper>, pub ip_filter: Option<IpFilter>,
} }
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct Config { pub struct Config {
pub metrics: Option<MetricsConfig>, pub metrics: Option<MetricsConfig>,
#[serde(with = "serde_yaml::with::singleton_map_recursive")]
pub hooks: BTreeMap<String, Hook>, pub hooks: BTreeMap<String, Hook>,
} }

View file

@ -39,14 +39,6 @@ impl IpFilter {
} }
} }
// FIXME: As `serde_yaml` `0.9` fucks things up, for now this ugly
// wrapper is needed.
#[derive(Debug, Deserialize, Serialize)]
#[serde(transparent)]
pub struct IpFilterWrapper(
#[serde(with = "serde_yaml::with::singleton_map_recursive")] pub IpFilter,
);
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
pub struct HeaderFilter { pub struct HeaderFilter {
pub field: String, pub field: String,

View file

@ -1,5 +1,5 @@
use crate::{ use crate::{
filters::{FilterType, IpFilter, IpFilterWrapper}, filters::{FilterType, IpFilter},
Config, Metrics, WebhookeyError, Config, Metrics, WebhookeyError,
}; };
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Result};
@ -53,7 +53,7 @@ fn validate_request(secret: &str, signature: &str, data: &[u8]) -> Result<()> {
pub struct Hook { pub struct Hook {
command: String, command: String,
signature: String, signature: String,
ip_filter: Option<IpFilterWrapper>, ip_filter: Option<IpFilter>,
secrets: Vec<String>, secrets: Vec<String>,
filter: FilterType, filter: FilterType,
} }
@ -160,7 +160,7 @@ impl Hooks {
let hooks = config.hooks.iter().filter(|(name, hook)| { let hooks = config.hooks.iter().filter(|(name, hook)| {
if let Some(ip) = &hook.ip_filter { if let Some(ip) = &hook.ip_filter {
accept_ip(name, client_ip, &ip.0) accept_ip(name, client_ip, ip)
} else { } else {
info!( info!(
"Allow hook `{}` from {}, no IP filter was configured", "Allow hook `{}` from {}, no IP filter was configured",
@ -718,9 +718,9 @@ hooks:
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf" command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
.to_string(), .to_string(),
signature: "X-Gitea-Signature".to_string(), signature: "X-Gitea-Signature".to_string(),
ip_filter: Some(IpFilterWrapper(IpFilter::Allow(vec![ ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
AddrType::IpNet("127.0.0.1/31".parse().unwrap()) "127.0.0.1/31".parse().unwrap()
]))), )])),
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()], secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
filter: FilterType::JsonFilter(JsonFilter { filter: FilterType::JsonFilter(JsonFilter {
pointer: "/ref".to_string(), pointer: "/ref".to_string(),
@ -787,9 +787,9 @@ hooks:
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf" command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
.to_string(), .to_string(),
signature: "X-Gitea-Signature".to_string(), signature: "X-Gitea-Signature".to_string(),
ip_filter: Some(IpFilterWrapper(IpFilter::Allow(vec![AddrType::IpNet( ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
"127.0.0.1/31".parse().unwrap() "127.0.0.1/31".parse().unwrap()
)]))), )])),
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()], secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
filter: FilterType::JsonFilter(JsonFilter { filter: FilterType::JsonFilter(JsonFilter {
pointer: "/ref".to_string(), pointer: "/ref".to_string(),

View file

@ -32,7 +32,7 @@ pub async fn metrics(
// Is a filter configured? // Is a filter configured?
if let Some(filter) = &metrics_config.ip_filter { if let Some(filter) = &metrics_config.ip_filter {
// Does the request match the filter? // Does the request match the filter?
if filter.0.validate(&address.ip()) { if filter.validate(&address.ip()) {
return Some(metrics.get_metrics()); return Some(metrics.get_metrics());
} }
} else { } else {