gohookr/main.go

115 lines
2.6 KiB
Go
Raw Normal View History

2021-07-28 15:20:06 +00:00
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"os"
"os/exec"
"github.com/gorilla/mux"
)
var config_filename = "/etc/ghookr.json"
var noSignatureCheck = false
2021-07-28 15:20:06 +00:00
func main() {
r := mux.NewRouter()
r.HandleFunc("/webhook/{service}", webhook)
port := ":80"
if p, ok := os.LookupEnv("PORT"); ok {
port = fmt.Sprintf(":%v", p)
}
if p, ok := os.LookupEnv("CONFIG"); ok {
config_filename = p
}
if p, ok := os.LookupEnv("NO_SIGNATURE_CHECK"); ok {
noSignatureCheck = p == "true"
}
2021-07-28 15:20:06 +00:00
log.Fatal(http.ListenAndServe(port, r))
}
func webhook(w http.ResponseWriter, r *http.Request) {
payload := ""
if p, err := ioutil.ReadAll(r.Body); err != nil {
writeResponse(w, 500, "Internal Server Error: Could not read payload")
return
} else {
payload = string(p)
}
raw_config, err := ioutil.ReadFile(config_filename)
if err != nil {
writeResponse(w, 500, "Internal Server Error: Could not open config file")
return
}
config := Config{}
json.Unmarshal(raw_config, &config)
2021-07-29 06:30:19 +00:00
// check what service is specified in URL (/webhook/{service}) and if it exists
service, ok := config.Services[string(mux.Vars(r)["service"])]
if !ok {
2021-07-28 15:20:06 +00:00
writeResponse(w, 404, "Service Not Found")
return
}
// Verify that signature provided matches signature calculated using secretsss
2021-07-28 15:20:06 +00:00
signature := r.Header.Get(service.SignatureHeader)
calculatedSignature := getSha256HMACSignature([]byte(service.Secret), payload)
if noSignatureCheck || signature == calculatedSignature {
2021-07-28 15:20:06 +00:00
writeResponse(w, 400, "Bad Request: Signatures do not match")
return
}
// Run tests, immediately stop if one fails
for _, test := range service.Tests {
if _, err := exec.Command(test[0], test[1:]...).Output(); err != nil {
writeResponse(w, 409,
fmt.Sprintf("409 Conflict: Test failed: %v", err.Error()),
)
return
}
}
2021-07-28 15:20:06 +00:00
if stdout, err := exec.Command(service.Script, payload).Output(); err != nil {
writeResponse(w, 500, err.Error())
return
} else {
writeResponse(w, 200, string(stdout))
return
}
}
func writeResponse(w http.ResponseWriter, responseCode int, responseString string) {
w.WriteHeader(responseCode)
w.Write([]byte(fmt.Sprintf("%v %v", responseCode, responseString)))
}
func getSha256HMACSignature(secret []byte, data string) string {
h := hmac.New(sha256.New, secret)
io.WriteString(h, data)
return hex.EncodeToString(h.Sum(nil))
}
type Service struct {
Gitea bool
Script string
Secret string
SignatureHeader string
Tests [][]string
2021-07-28 15:20:06 +00:00
}
type Config struct {
Services map[string]Service
}