finga
ee32424f8c
Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued.
93 lines
2.7 KiB
Markdown
# Webhookey

Webhookey is a web server that listens for requests such as those sent
by Gitea's webhooks. Webhookey also lets you specify rules which are
matched against the received data to trigger certain actions.

## Build

### Install Rust

The Rust toolchain needs to be installed:

``` sh
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```

Further, for Rocket we need to have the nightly toolchain installed:

``` sh
rustup toolchain install nightly
```

### Build Webhookey

The webhookey project can be built for development:

``` sh
cargo b
```

or for releasing:

``` sh
cargo b --release
```

### Install Webhookey

When a Rust toolchain is installed, you can also install Webhookey
directly without cloning it manually:

``` sh
cargo install --git https://git.onders.org/finga/webhookey.git webhookey
```

or from within the project:

``` sh
cargo install --path .
```

### Run Webhookey

Webhookey can either be run from the project directory with:

``` sh
cargo r
```

or you can copy the produced binary somewhere else from
`webhookey/target/{debug, release}/webhookey` depending on which one
you built.

## Configuration

The configuration syntax is YAML and has to be done in the following order:

Right now there is only the configuration parameter for hooks; each
hook has to be configured here. It contains the following fields:

- command: String for a command to be executed when all filters
  match. Pointers ([RFC 6901](https://tools.ietf.org/html/rfc6901)) to
  JSON fields, written as `{{ /field/pointed/to }}`, are replaced with
  the corresponding values from the JSON data. Further, `{{ event }}`
  and `{{ signature }}` are valid variables; they contain the values of
  the corresponding header fields of the HTTP request.
- secrets: List of secrets.
- filters: List of filters.

Each filter must have the following fields:

- pointer: Pointer to the JSON field according to [RFC
  6901](https://tools.ietf.org/html/rfc6901).
- regex: Regular expression which has to match the field pointed to by
  the pointer.

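The following is an added illustration in Python, not Webhookey's own Rust code. It walks one request through the steps described here and in the commit message at the top of the page: authenticate the raw payload against every configured secret, apply the pointer/regex filters, then fill the command template. Assumptions: HMAC-SHA256 with a hex-encoded signature (as Gitea sends it), regex search semantics, and shell quoting of substituted values; all function names and the sample hook and payload are constructed for this example.

```python
import hashlib, hmac, json, re, shlex

def sign(raw: bytes, secret: str) -> str:
    # Assumption: HMAC-SHA256, hex-encoded, as Gitea uses for its signature header.
    return hmac.new(secret.encode(), raw, hashlib.sha256).hexdigest()

def verify_signature(raw: bytes, signature: str, secrets: list) -> bool:
    # Try every configured secret over the raw bytes; constant-time compare each.
    ok = False
    for secret in secrets:
        ok |= hmac.compare_digest(sign(raw, secret).encode(), signature.encode())
    return ok

def resolve_pointer(doc, pointer: str):
    # RFC 6901: "" is the whole document; "~1" decodes to "/", then "~0" to "~".
    if pointer and not pointer.startswith("/"):
        return None
    for token in pointer.split("/")[1:]:
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(doc, dict) and token in doc:
            doc = doc[token]
        elif (isinstance(doc, list) and re.fullmatch(r"0|[1-9][0-9]*", token)
              and int(token) < len(doc)):
            doc = doc[int(token)]
        else:
            return None  # pointer does not resolve
    return doc

def render_command(hook: dict, raw: bytes, event: str, signature: str):
    # Authenticate the raw bytes first; parse JSON only after the HMAC checks out.
    if not verify_signature(raw, signature, hook["secrets"]):
        return None
    data = json.loads(raw)
    for flt in hook["filters"]:  # every filter has to match
        value = resolve_pointer(data, flt["pointer"])
        if not isinstance(value, str) or not re.search(flt["regex"], value):
            return None
    headers = {"event": event, "signature": signature}
    def substitute(match):
        name = match.group(1)
        value = headers.get(name, resolve_pointer(data, name))
        # Payload fields (repo names, commit messages) are untrusted even when signed.
        return shlex.quote("" if value is None else str(value))
    return re.sub(r"\{\{\s*([^\s}]+)\s*\}\}", substitute, hook["command"])

# Constructed sample hook and payload (field names follow the list above).
HOOK = {"command": "deploy.sh {{ /repository/name }} {{ event }}",
        "secrets": ["old-secret", "current-secret"],
        "filters": [{"pointer": "/ref", "regex": "^refs/heads/main$"}]}
PAYLOAD = b'{"ref": "refs/heads/main", "repository": {"name": "demo; echo x"}}'
```

Because the signature covers the raw bytes, even a single appended space invalidates it, and the quoted substitution keeps the repository name a single shell word.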
### Configuration paths

The following locations are checked for a configuration file:

- `/etc/webhookey/config.yml`
- `<config_dir>/webhookey/config.yml`
- `./config.yml`

`<config_dir>` depends on the platform:

- Linux: `$XDG_CONFIG_HOME` or `$HOME/.config`
- macOS: `$HOME/Library/Application Support`
- Windows: `{FOLDERID_RoamingAppData}`

# TODOs

## Use `clap` to parse command line arguments

## Implement the functionality to reply to certain webhooks

## Configure rocket via config.yml

## Security

### https support

basically supported, but related to "Configure rocket via config.yml".

### Authentication features

### Secure cookies?

## Use proptest or quickcheck for tests of parsers