gohookr/main.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"os"

	"git.alv.cx/alvierahman90/gohookr/config"
	"github.com/gorilla/mux"
)

var config_filename = "/etc/gohookr.json"
var checkSignature = true

func main() {
	var c config.Config

	r := mux.NewRouter()
	r.HandleFunc("/webhooks/{service}", webhookHandler)

	if p, ok := os.LookupEnv("CONFIG"); ok {
		config_filename = p
	}

	if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok {
		checkSignature = p != "true"
	}

	c, err := loadConfig(config_filename)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("CONFIG OK: %s\n", config_filename)
	fmt.Printf("LISTENING AT: %s\n", c.ListenAddress)

	for _, v := range os.Args {
		if v == "checkConfig" {
			return
		}
	}

	log.Fatal(http.ListenAndServe(c.ListenAddress, r))
}

func loadConfig(config_filename string) (config.Config, error) {
	var c config.Config

	raw_config, err := ioutil.ReadFile(config_filename)
	if err != nil {
		return config.Config{}, err
	}

	if err := json.Unmarshal(raw_config, &c); err != nil {
		return config.Config{}, err
	}

	if err := c.Validate(); err != nil {
		return config.Config{}, err
	}

	return c, nil

}

func webhookHandler(w http.ResponseWriter, r *http.Request) {
	c, err := loadConfig(config_filename)
	if err != nil {
		writeResponse(w, 500, "Unable to read config file")
	}
	// Check what service is specified in URL (/webhooks/{service}) and if it exists
	serviceName := string(mux.Vars(r)["service"])
	service, ok := c.Services[serviceName]
	if !ok {
		writeResponse(w, 404, "Service Not Found")
		fmt.Printf("Service not found: %v\n", serviceName)
		return
	}
	fmt.Printf("Got webhook for: %v\n", serviceName)

	// Read payload or return 500 if that doesn't work out
	payload := ""
	if p, err := ioutil.ReadAll(r.Body); err != nil {
		writeResponse(w, 500, "Internal Server Error: Could not read payload")
		fmt.Println("Error: Could not read payload")
		return
	} else {
		payload = string(p)
	}

	// Verify that signature provided matches signature calculated using secretsss
	signature := r.Header.Get(service.SignatureHeader)
	calculatedSignature := fmt.Sprintf(
		"%v%v",
		service.SignaturePrefix,
		getSha256HMACSignature([]byte(service.Secret), payload),
	)
	fmt.Printf("signature          = %v\n", signature)
	fmt.Printf("calcuatedSignature = %v\n", calculatedSignature)
	if checkSignature && !service.DisableSignatureVerification && signature != calculatedSignature {
		writeResponse(w, 400, "Bad Request: Signatures do not match")
		fmt.Println("Signatures do not match!")
		return
	}

	// Run tests and script as goroutine to prevent timing out
	go func() {
		// Run tests, immediately stop if one fails
		for _, test := range service.Tests {
			if _, err := test.Execute(payload); err != nil {
				fmt.Printf("Test failed(%v) for service %v\n", test, serviceName)
				return
			}
		}
		stdout, err := service.Script.Execute(payload)
		fmt.Println(string(stdout))
		if err != nil {
			fmt.Println(err.Error())
		}
	}()

	writeResponse(w, 200, "OK")
	return
}

func writeResponse(w http.ResponseWriter, responseCode int, responseString string) {
	w.WriteHeader(responseCode)
	w.Write([]byte(fmt.Sprintf("%v %v", responseCode, responseString)))
}

func getSha256HMACSignature(secret []byte, data string) string {
	h := hmac.New(sha256.New, secret)
	io.WriteString(h, data)
	return hex.EncodeToString(h.Sum(nil))
}
Initial commit 2021-07-28 15:20:06 +00:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/hex"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"io/ioutil"`
			`"log"`
			`"net/http"`
			`"os"`

update module path thingy 2022-01-21 21:08:05 +00:00			`"git.alv.cx/alvierahman90/gohookr/config"`
Initial commit 2021-07-28 15:20:06 +00:00			`"github.com/gorilla/mux"`
			`)`

Make enpoint prefix plural, change stuff in readme 2021-07-29 06:54:22 +00:00			`var config_filename = "/etc/gohookr.json"`
fix signature comparison logic 2021-07-29 07:29:37 +00:00			`var checkSignature = true`
Initial commit 2021-07-28 15:20:06 +00:00
			`func main() {`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`var c config.Config`

Initial commit 2021-07-28 15:20:06 +00:00			`r := mux.NewRouter()`
Make enpoint prefix plural, change stuff in readme 2021-07-29 06:54:22 +00:00			`r.HandleFunc("/webhooks/{service}", webhookHandler)`
Initial commit 2021-07-28 15:20:06 +00:00
Allow executed script to have arguments 2021-08-04 10:51:40 +00:00			`if p, ok := os.LookupEnv("CONFIG"); ok {`
			`config_filename = p`
			`}`

			`if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok {`
			`checkSignature = p != "true"`
			`}`

reload config on new webhook request 2022-02-12 14:07:11 +00:00			`c, err := loadConfig(config_filename)`
Add required field ListenAddress to config, document in readme 2021-07-29 08:41:24 +00:00			`if err != nil {`
			`panic(err.Error())`
			`}`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`fmt.Printf("CONFIG OK: %s\n", config_filename)`
			`fmt.Printf("LISTENING AT: %s\n", c.ListenAddress)`

			`for _, v := range os.Args {`
			`if v == "checkConfig" {`
			`return`
			`}`
			`}`

			`log.Fatal(http.ListenAndServe(c.ListenAddress, r))`
			`}`

			`func loadConfig(config_filename string) (config.Config, error) {`
			`var c config.Config`

			`raw_config, err := ioutil.ReadFile(config_filename)`
			`if err != nil {`
			`return config.Config{}, err`
			`}`
Move config to separate package 2021-08-04 11:04:01 +00:00
Check if config is valid JSON 2021-09-01 17:57:21 +00:00			`if err := json.Unmarshal(raw_config, &c); err != nil {`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`return config.Config{}, err`
Check if config is valid JSON 2021-09-01 17:57:21 +00:00			`}`

Move config to separate package 2021-08-04 11:04:01 +00:00			`if err := c.Validate(); err != nil {`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`return config.Config{}, err`
Initial commit 2021-07-28 15:20:06 +00:00			`}`

reload config on new webhook request 2022-02-12 14:07:11 +00:00			`return c, nil`

Initial commit 2021-07-28 15:20:06 +00:00			`}`

Make enpoint prefix plural, change stuff in readme 2021-07-29 06:54:22 +00:00			`func webhookHandler(w http.ResponseWriter, r *http.Request) {`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`c, err := loadConfig(config_filename)`
			`if err != nil {`
			`writeResponse(w, 500, "Unable to read config file")`
			`}`
Better logging, comments 2021-08-06 13:53:22 +00:00			`// Check what service is specified in URL (/webhooks/{service}) and if it exists`
			`serviceName := string(mux.Vars(r)["service"])`
			`service, ok := c.Services[serviceName]`
			`if !ok {`
			`writeResponse(w, 404, "Service Not Found")`
			`fmt.Printf("Service not found: %v\n", serviceName)`
			`return`
			`}`
			`fmt.Printf("Got webhook for: %v\n", serviceName)`

			`// Read payload or return 500 if that doesn't work out`
Initial commit 2021-07-28 15:20:06 +00:00			`payload := ""`
			`if p, err := ioutil.ReadAll(r.Body); err != nil {`
			`writeResponse(w, 500, "Internal Server Error: Could not read payload")`
Better logging, comments 2021-08-06 13:53:22 +00:00			`fmt.Println("Error: Could not read payload")`
Initial commit 2021-07-28 15:20:06 +00:00			`return`
			`} else {`
			`payload = string(p)`
			`}`

Add ability to disable signature verification 2021-07-29 06:23:43 +00:00			`// Verify that signature provided matches signature calculated using secretsss`
Initial commit 2021-07-28 15:20:06 +00:00			`signature := r.Header.Get(service.SignatureHeader)`
Actually print calcuated signature to stdout 2021-08-04 21:12:59 +00:00			`calculatedSignature := fmt.Sprintf(`
			`"%v%v",`
			`service.SignaturePrefix,`
			`getSha256HMACSignature([]byte(service.Secret), payload),`
			`)`
			`fmt.Printf("signature = %v\n", signature)`
			`fmt.Printf("calcuatedSignature = %v\n", calculatedSignature)`
Fix signature logic 2021-08-14 00:06:29 +00:00			`if checkSignature && !service.DisableSignatureVerification && signature != calculatedSignature {`
Initial commit 2021-07-28 15:20:06 +00:00			`writeResponse(w, 400, "Bad Request: Signatures do not match")`
Better logging, comments 2021-08-06 13:53:22 +00:00			`fmt.Println("Signatures do not match!")`
Initial commit 2021-07-28 15:20:06 +00:00			`return`
			`}`

Better logging, comments 2021-08-06 13:53:22 +00:00			`// Run tests and script as goroutine to prevent timing out`
reload config on new webhook request 2022-02-12 14:07:11 +00:00			`go func() {`
Run tests and script in parralel to prevent timing out 2021-08-04 21:17:43 +00:00			`// Run tests, immediately stop if one fails`
			`for _, test := range service.Tests {`
			`if _, err := test.Execute(payload); err != nil {`
Better logging, comments 2021-08-06 13:53:22 +00:00			`fmt.Printf("Test failed(%v) for service %v\n", test, serviceName)`
Run tests and script in parralel to prevent timing out 2021-08-04 21:17:43 +00:00			`return`
			`}`
Only execute if all tests are successful 2021-07-29 06:30:50 +00:00			`}`
Run tests and script in parralel to prevent timing out 2021-08-04 21:17:43 +00:00			`stdout, err := service.Script.Execute(payload)`
convert stdout to string before printing 2021-08-04 21:18:53 +00:00			`fmt.Println(string(stdout))`
Run tests and script in parralel to prevent timing out 2021-08-04 21:17:43 +00:00			`if err != nil {`
			`fmt.Println(err.Error())`
			`}`
			`}()`
Only execute if all tests are successful 2021-07-29 06:30:50 +00:00
Run tests and script in parralel to prevent timing out 2021-08-04 21:17:43 +00:00			`writeResponse(w, 200, "OK")`
			`return`
Initial commit 2021-07-28 15:20:06 +00:00			`}`

			`func writeResponse(w http.ResponseWriter, responseCode int, responseString string) {`
			`w.WriteHeader(responseCode)`
			`w.Write([]byte(fmt.Sprintf("%v %v", responseCode, responseString)))`
			`}`

			`func getSha256HMACSignature(secret []byte, data string) string {`
			`h := hmac.New(sha256.New, secret)`
			`io.WriteString(h, data)`
			`return hex.EncodeToString(h.Sum(nil))`
			`}`