Compare commits
No commits in common. "testing" and "main" have entirely different histories.
6 changed files with 30 additions and 31 deletions
28
Cargo.lock
generated
28
Cargo.lock
generated
|
@ -739,6 +739,12 @@ version = "0.2.146"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b"
|
||||
|
||||
[[package]]
|
||||
name = "linked-hash-map"
|
||||
version = "0.5.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
|
||||
|
||||
[[package]]
|
||||
name = "linux-raw-sys"
|
||||
version = "0.3.8"
|
||||
|
@ -1301,15 +1307,14 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "serde_yaml"
|
||||
version = "0.9.21"
|
||||
version = "0.8.26"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d9d684e3ec7de3bf5466b32bd75303ac16f0736426e5a4e0d6e489559ce1249c"
|
||||
checksum = "578a7433b776b56a35785ed5ce9a7e777ac0598aac5a6dd1b4b18a307c7fc71b"
|
||||
dependencies = [
|
||||
"indexmap",
|
||||
"itoa",
|
||||
"ryu",
|
||||
"serde",
|
||||
"unsafe-libyaml",
|
||||
"yaml-rust",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -1709,12 +1714,6 @@ version = "0.2.4"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
|
||||
|
||||
[[package]]
|
||||
name = "unsafe-libyaml"
|
||||
version = "0.2.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1865806a559042e51ab5414598446a5871b561d21b6764f2eabb0dd481d880a6"
|
||||
|
||||
[[package]]
|
||||
name = "untrusted"
|
||||
version = "0.7.1"
|
||||
|
@ -1967,6 +1966,15 @@ dependencies = [
|
|||
"memchr",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "yaml-rust"
|
||||
version = "0.4.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85"
|
||||
dependencies = [
|
||||
"linked-hash-map",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "yansi"
|
||||
version = "0.5.1"
|
||||
|
|
|
@ -25,7 +25,7 @@ run_script = "0.9"
|
|||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
serde_regex = "1.1"
|
||||
serde_yaml = "0.9"
|
||||
serde_yaml = "0.8"
|
||||
sha2 = "0.10"
|
||||
thiserror = "1.0"
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
use crate::{filters::IpFilterWrapper, hooks::Hook};
|
||||
use crate::{filters::IpFilter, hooks::Hook};
|
||||
use anyhow::{bail, Result};
|
||||
use log::info;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
@ -8,14 +8,13 @@ use std::{collections::BTreeMap, fs::File};
|
|||
#[serde(deny_unknown_fields)]
|
||||
pub struct MetricsConfig {
|
||||
pub enabled: bool,
|
||||
pub ip_filter: Option<IpFilterWrapper>,
|
||||
pub ip_filter: Option<IpFilter>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct Config {
|
||||
pub metrics: Option<MetricsConfig>,
|
||||
#[serde(with = "serde_yaml::with::singleton_map_recursive")]
|
||||
pub hooks: BTreeMap<String, Hook>,
|
||||
}
|
||||
|
||||
|
|
|
@ -39,14 +39,6 @@ impl IpFilter {
|
|||
}
|
||||
}
|
||||
|
||||
// FIXME: As `serde_yaml` `0.9` fucks things up, for now this ugly
|
||||
// wrapper is needed.
|
||||
#[derive(Debug, Deserialize, Serialize)]
|
||||
#[serde(transparent)]
|
||||
pub struct IpFilterWrapper(
|
||||
#[serde(with = "serde_yaml::with::singleton_map_recursive")] pub IpFilter,
|
||||
);
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize)]
|
||||
pub struct HeaderFilter {
|
||||
pub field: String,
|
||||
|
|
16
src/hooks.rs
16
src/hooks.rs
|
@ -1,5 +1,5 @@
|
|||
use crate::{
|
||||
filters::{FilterType, IpFilter, IpFilterWrapper},
|
||||
filters::{FilterType, IpFilter},
|
||||
Config, Metrics, WebhookeyError,
|
||||
};
|
||||
use anyhow::{anyhow, bail, Result};
|
||||
|
@ -53,7 +53,7 @@ fn validate_request(secret: &str, signature: &str, data: &[u8]) -> Result<()> {
|
|||
pub struct Hook {
|
||||
command: String,
|
||||
signature: String,
|
||||
ip_filter: Option<IpFilterWrapper>,
|
||||
ip_filter: Option<IpFilter>,
|
||||
secrets: Vec<String>,
|
||||
filter: FilterType,
|
||||
}
|
||||
|
@ -160,7 +160,7 @@ impl Hooks {
|
|||
|
||||
let hooks = config.hooks.iter().filter(|(name, hook)| {
|
||||
if let Some(ip) = &hook.ip_filter {
|
||||
accept_ip(name, client_ip, &ip.0)
|
||||
accept_ip(name, client_ip, ip)
|
||||
} else {
|
||||
info!(
|
||||
"Allow hook `{}` from {}, no IP filter was configured",
|
||||
|
@ -718,9 +718,9 @@ hooks:
|
|||
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
|
||||
.to_string(),
|
||||
signature: "X-Gitea-Signature".to_string(),
|
||||
ip_filter: Some(IpFilterWrapper(IpFilter::Allow(vec![
|
||||
AddrType::IpNet("127.0.0.1/31".parse().unwrap())
|
||||
]))),
|
||||
ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
|
||||
"127.0.0.1/31".parse().unwrap()
|
||||
)])),
|
||||
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
|
||||
filter: FilterType::JsonFilter(JsonFilter {
|
||||
pointer: "/ref".to_string(),
|
||||
|
@ -787,9 +787,9 @@ hooks:
|
|||
command: "/usr/bin/local/script_xy.sh {{ /field2/foo }} asdfasdf"
|
||||
.to_string(),
|
||||
signature: "X-Gitea-Signature".to_string(),
|
||||
ip_filter: Some(IpFilterWrapper(IpFilter::Allow(vec![AddrType::IpNet(
|
||||
ip_filter: Some(IpFilter::Allow(vec![AddrType::IpNet(
|
||||
"127.0.0.1/31".parse().unwrap()
|
||||
)]))),
|
||||
)])),
|
||||
secrets: vec!["secret_key_01".to_string(), "secret_key_02".to_string()],
|
||||
filter: FilterType::JsonFilter(JsonFilter {
|
||||
pointer: "/ref".to_string(),
|
||||
|
|
|
@ -32,7 +32,7 @@ pub async fn metrics(
|
|||
// Is a filter configured?
|
||||
if let Some(filter) = &metrics_config.ip_filter {
|
||||
// Does the request match the filter?
|
||||
if filter.0.validate(&address.ip()) {
|
||||
if filter.validate(&address.ip()) {
|
||||
return Some(metrics.get_metrics());
|
||||
}
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue