don't remember what this does lol

.gitignore

@@ -0,0 +1 @@
+gohookr

Makefile

@@ -0,0 +1,20 @@
+all: install
+
+clean:
+	rm -rf gohookr
+
+install: build
+	cp gohookr /usr/local/bin/
+	cp gohookr.service /usr/lib/systemd/system/
+	cp -n config.json /etc/gohookr.json
+	systemctl daemon-reload
+	systemctl enable --now gohookr
+
+build:
+	go mod tidy
+	go build -o gohookr
+
+uninstall:
+	systemctl disable --now gohookr
+	rm -rf /usr/local/bin/gohookr /usr/lib/systemd/system/gohookr.service
+	systemctl daemon-reload

config.json

@@ -2,13 +2,30 @@
   "ListenAddress": "127.0.0.1:8654",
   "Services": {
     "test": {
-      "Script": "./example.sh",
-      "Secret": "THISISVERYSECRET",
-      "SignatureHeader": "X-Gitea-Signature",
+      "Script": {
+          "Program": "./example.sh",
+          "AppendPayload": true
+      },
+      "DisableSignatureVerification": true,
       "Tests": [
         {
-          "Command": "git",
-          "Arguments": [ "pull" ]
+          "Program": "echo",
+          "Arguments": [ "test" ]
+        }
+      ]
+    },
+    "fails_tests": {
+      "Script": {
+          "Program": "./example.sh",
+          "AppendPayload": true
+      },
+      "Secret": "who_cares",
+      "SignatureHeader": "X-Hub-Signature-256",
+      "SignaturePrefix": "sha256=",
+      "Tests": [
+        {
+          "Program": "false",
+          "Arguments": []
         }
       ]
     }

config.yml

@@ -0,0 +1,13 @@
+listenaddress: 127.0.0.1:8654
+services:
+  test:
+    script:
+      program: "echo"
+      arguments: 
+        - test
+    tests:
+      - program: ./example.sh
+        appendpayload: true
+    disablesignatureverification: false
+    signatureheader: test
+    secret: thisisasecret

config/command.go

@@ -0,0 +1,30 @@
+package config
+
+import (
+	"fmt"
+	"os/exec"
+)
+
+type Command struct {
+	Program       string
+	Arguments     []string
+	AppendPayload bool
+}
+
+func (c Command) Execute(payload string) ([]byte, error) {
+	arguments := make([]string, 0)
+	copy(c.Arguments, arguments)
+	if c.AppendPayload {
+		arguments = append(arguments, payload)
+	}
+
+	return exec.Command(c.Program, arguments...).Output()
+}
+
+func (c Command) String() string {
+	return fmt.Sprintf(
+		"<Command cmd=%v AppendPayload=%v>",
+		append([]string{c.Program}, c.Arguments...),
+		c.AppendPayload,
+	)
+}

config/config.go

@@ -0,0 +1,62 @@
+package config
+
+import (
+	"encoding/json"
+	"io/ioutil"
+
+	"gopkg.in/yaml.v3"
+)
+
+// The struct that represents the config.json file
+type Config struct {
+	ListenAddress string
+	Services      map[string]struct {
+		Script                       Command
+		Secret                       string
+		SignaturePrefix              string
+		SignatureHeader              string
+		DisableSignatureVerification bool
+		Tests                        []Command
+	}
+}
+
+// Check that all required fields are filled in
+func (c Config) Validate() error {
+	if c.ListenAddress == "" {
+		return requiredFieldError{"ListenAddress", ""}
+	}
+
+	for serviceName, service := range c.Services {
+		if service.Script.Program == "" {
+			return requiredFieldError{"Script.Program", serviceName}
+		}
+		if !service.DisableSignatureVerification && service.SignatureHeader == "" {
+			return requiredFieldError{"SignatureHeader", serviceName}
+		}
+		if !service.DisableSignatureVerification && service.Secret == "" {
+			return requiredFieldError{"Secret", serviceName}
+		}
+	}
+
+	return nil
+}
+
+func (c *Config) Load(config_filename string) error {
+
+	raw_config, err := ioutil.ReadFile(config_filename)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(raw_config, &c)
+	if err == nil {
+		return c.Validate()
+	}
+
+	err = yaml.Unmarshal(raw_config, &c)
+	if err == nil {
+		return c.Validate()
+	}
+
+	return err
+}

config/errors.go

@@ -0,0 +1,12 @@
+package config
+
+import "fmt"
+
+type requiredFieldError struct {
+	fieldName   string
+	serviceName string
+}
+
+func (e requiredFieldError) Error() string {
+	return fmt.Sprintf("%v cannot be empty (%v)", e.fieldName, e.serviceName)
+}

example.sh

@@ -1,2 +1,3 @@
 #!/usr/bin/bash
 date >> test_output
+echo "$1" >> test_output

go.mod

@@ -1,5 +1,8 @@
-module git.alra.uk/alvierahman90/gohookr
+module git.alv.cx/alvierahman90/gohookr
 
 go 1.16
 
-require github.com/gorilla/mux v1.8.0
+require (
+	github.com/gorilla/mux v1.8.0
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+)

go.sum

@@ -1,2 +1,6 @@
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -4,36 +4,26 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
-	"os/exec"
 
+	"git.alv.cx/alvierahman90/gohookr/config"
 	"github.com/gorilla/mux"
 )
 
 var config_filename = "/etc/gohookr.json"
 var checkSignature = true
-var config Config
 
 func main() {
+	var c config.Config
+
 	r := mux.NewRouter()
 	r.HandleFunc("/webhooks/{service}", webhookHandler)
 
-	raw_config, err := ioutil.ReadFile(config_filename)
-	if err != nil {
-		panic(err.Error())
-	}
-	config = Config{}
-	json.Unmarshal(raw_config, &config)
-	if err := config.Validate(); err != nil {
-		panic(err.Error())
-	}
-
 	if p, ok := os.LookupEnv("CONFIG"); ok {
 		config_filename = p
 	}
@@ -42,52 +32,81 @@ func main() {
 		checkSignature = p != "true"
 	}
 
-	log.Fatal(http.ListenAndServe(config.ListenAddress, r))
+	var err = c.Load(config_filename)
+	if err != nil {
+		panic(err.Error())
+	}
+	fmt.Printf("CONFIG OK: %s\n", config_filename)
+	fmt.Printf("LISTENING AT: %s\n", c.ListenAddress)
+
+	for _, v := range os.Args {
+		if v == "checkConfig" {
+			return
+		}
+	}
+
+	log.Fatal(http.ListenAndServe(c.ListenAddress, r))
 }
 
 func webhookHandler(w http.ResponseWriter, r *http.Request) {
+	var c config.Config
+	var err = c.Load(config_filename)
+	if err != nil {
+		writeResponse(w, 500, "Unable to read config file")
+	}
+	// Check what service is specified in URL (/webhooks/{service}) and if it exists
+	serviceName := string(mux.Vars(r)["service"])
+	service, ok := c.Services[serviceName]
+	if !ok {
+		writeResponse(w, 404, "Service Not Found")
+		fmt.Printf("Service not found: %v\n", serviceName)
+		return
+	}
+	fmt.Printf("Got webhook for: %v\n", serviceName)
+
+	// Read payload or return 500 if that doesn't work out
 	payload := ""
 	if p, err := ioutil.ReadAll(r.Body); err != nil {
 		writeResponse(w, 500, "Internal Server Error: Could not read payload")
+		fmt.Println("Error: Could not read payload")
 		return
 	} else {
 		payload = string(p)
 	}
 
-	// check what service is specified in URL (/webhooks/{service}) and if it exists
-	service, ok := config.Services[string(mux.Vars(r)["service"])]
-	if !ok {
-		writeResponse(w, 404, "Service Not Found")
-		return
-	}
-
 	// Verify that signature provided matches signature calculated using secretsss
 	signature := r.Header.Get(service.SignatureHeader)
-	calculatedSignature := getSha256HMACSignature([]byte(service.Secret), payload)
-	fmt.Printf("signature = %v\n", signature)
-	fmt.Printf("calcuatedSignature = %v\n", signature)
-	if signature != calculatedSignature && checkSignature {
+	calculatedSignature := fmt.Sprintf(
+		"%v%v",
+		service.SignaturePrefix,
+		getSha256HMACSignature([]byte(service.Secret), payload),
+	)
+	fmt.Printf("signature          = %v\n", signature)
+	fmt.Printf("calcuatedSignature = %v\n", calculatedSignature)
+	if checkSignature && !service.DisableSignatureVerification && signature != calculatedSignature {
 		writeResponse(w, 400, "Bad Request: Signatures do not match")
+		fmt.Println("Signatures do not match!")
 		return
 	}
 
-	// Run tests, immediately stop if one fails
-	for _, test := range service.Tests {
-		if _, err := exec.Command(test.Command, test.Arguments...).Output(); err != nil {
-			writeResponse(w, 409,
-				fmt.Sprintf("409 Conflict: Test failed: %v", err.Error()),
-			)
-			return
+	// Run tests and script as goroutine to prevent timing out
+	go func() {
+		// Run tests, immediately stop if one fails
+		for _, test := range service.Tests {
+			if _, err := test.Execute(payload); err != nil {
+				fmt.Printf("Test failed(%v) for service %v\n", test, serviceName)
+				return
+			}
 		}
-	}
+		stdout, err := service.Script.Execute(payload)
+		fmt.Println(string(stdout))
+		if err != nil {
+			fmt.Println(err.Error())
+		}
+	}()
 
-	if stdout, err := exec.Command(service.Script, payload).Output(); err != nil {
-		writeResponse(w, 500, err.Error())
-		return
-	} else {
-		writeResponse(w, 200, string(stdout))
-		return
-	}
+	writeResponse(w, 200, "OK")
+	return
 }
 
 func writeResponse(w http.ResponseWriter, responseCode int, responseString string) {
@@ -100,49 +119,3 @@ func getSha256HMACSignature(secret []byte, data string) string {
 	io.WriteString(h, data)
 	return hex.EncodeToString(h.Sum(nil))
 }
-
-func (c Config) Validate() error {
-	if c.ListenAddress == "" {
-		return requiredFieldError{"ListenAddress", ""}
-	}
-
-	for serviceName, service := range c.Services {
-		if service.Script == "" {
-			return requiredFieldError{"Script", serviceName}
-		}
-		if service.SignatureHeader == "" {
-			return requiredFieldError{"SignatureHeader", serviceName}
-		}
-		if service.Secret == "" {
-			return requiredFieldError{"Secret", serviceName}
-		}
-	}
-
-	return nil
-}
-
-type Test struct {
-	Command   string
-	Arguments []string
-}
-
-type Service struct {
-	Script          string
-	Secret          string
-	SignatureHeader string
-	Tests           []Test
-}
-
-type Config struct {
-	ListenAddress string
-	Services      map[string]Service
-}
-
-type requiredFieldError struct {
-	fieldName   string
-	serviceName string
-}
-
-func (e requiredFieldError) Error() string {
-	return fmt.Sprintf("%v cannot be empty (%v)", e.fieldName, e.serviceName)
-}

readme.md

@@ -2,37 +2,56 @@
 
 A _really_ simple webhook receiver, which listens at `/webhooks/<webhook-name>`.
 
-Default config path is `/etc/gohookr.conf` and can be overriden by setting environment variable
-`CONFIG`.
-
-Check below for an example configuration.
-
 ## Installation
 
 After you [install go](https://golang.org/doc/install):
 
 ```
-go mod tidy
-go build
-cp gohookr /usr/local/bin/
-cp gohookr.service /usr/lib/systemd/system/
-systemctl daemon-reload
-systemctl enable --now gohookr
+make
 ```
 
-## Signature Verification
+## Configuration
+
+Default config path is `/etc/gohookr.json`.
+It can be overriden by setting environment variable `CONFIG`.
+
+The config file will be re-read every request so service configs can be changed without restarting
+the service (unless you want to change the listening port).
+
+Check below for an example configuration, which should tell you most of the things you need to know
+to configure gohookr.
+
+You can test your config file by running
+
+```
+gohookr checkConfig
+```
+
+### Signature Verification
 
 Signature verificaiton is done using SHA256 HMACs.
 You **must** set which HTTP header gohookr will receive a signature from using the `SignatureHeader`
 key for each service.
 You should also specify a shared secret in the `Secret` key.
 
-### Disable Signature Verification
+You may also need to specify a `SignaturePrefix`.
+For GitHub it would be `sha256=`.
 
-You can disable signature verification altogether by setting environment variable
+#### Disable Signature Verification
+
+You can disable signature verification by setting `DisableSignatureVerification` for a service to
+`true`.
+
+You can disable signature verification for all services by setting environment variable
 `NO_SIGNATURE_VERIFICATION` to `true`.
 
-## Tests
+### Writing Commands
+
+gohookr doesn't care what the command is as long as the `Program` is executable.
+You can specify extra arguments with the `Arguments` field.
+You can ask it to put the payload as the last argument by setting `AppendPayload` to true.
+
+### Writing Tests
 
 gohookr can run test before running your script.
 Tests must be in the form of bash scripts.
@@ -40,13 +59,13 @@ A non-zero return code is considered a fail and gohookr will run no further test
 deploy.
 
 Tests are run in the order they're listed so any actions that need to be done before
-real tests are run can simply be put before the tests.
+tests are run can simply be put in this section before the tests.
 
-## Example Config
+### Example Config
 
 Required config keys are `ListenAddress` and `Services`.
 
-Requried keys per service are `Script`, `Secret`, `SignatureHeader`.
+Requried keys per service are `Script.Program`, `Secret`, `SignatureHeader`.
 
 An example config file can be found [here](./config.json) but also below:
 
@@ -55,13 +74,30 @@ An example config file can be found [here](./config.json) but also below:
   "ListenAddress": "127.0.0.1:8654",
   "Services": {
     "test": {
-      "Script": "./example.sh",
-      "Secret": "THISISVERYSECRET",
-      "SignatureHeader": "X-Gitea-Signature",
+      "Script": {
+          "Program": "./example.sh",
+          "AppendPayload": true
+      },
+      "DisableSignatureVerification": true,
       "Tests": [
         {
-          "Command": "git",
-          "Arguments": [ "pull" ]
+          "Program": "echo",
+          "Arguments": [ "test" ]
+        }
+      ]
+    },
+    "fails_tests": {
+      "Script": {
+          "Program": "./example.sh",
+          "AppendPayload": true
+      },
+      "Secret": "who_cares",
+      "SignatureHeader": "X-Hub-Signature-256",
+      "SignaturePrefix": "sha256=",
+      "Tests": [
+        {
+          "Program": "false",
+          "Arguments": []
         }
       ]
     }