feat: handle gitea webhook
This commit is contained in:
commit
99dafce303
|
@ -0,0 +1,3 @@
|
|||
configs/*
|
||||
coverage/*
|
||||
bin
|
|
@ -0,0 +1,2 @@
|
|||
secret: ""
|
||||
port: 8824
|
|
@ -0,0 +1,5 @@
|
|||
module gitea.urkob.com/urko/gitea-webhook-listener
|
||||
|
||||
go 1.22.0
|
||||
|
||||
require gopkg.in/yaml.v2 v2.4.0
|
|
@ -0,0 +1,4 @@
|
|||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
|
@ -0,0 +1,28 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
Secret string `yaml:"secret"`
|
||||
Port int `yaml:"port"`
|
||||
BinaryPath string `yaml:"binary_path"`
|
||||
ScriptPath string `yaml:"script_path"`
|
||||
}
|
||||
|
||||
func LoadConfig(path string) (*Config, error) {
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var config Config
|
||||
if err := yaml.Unmarshal(data, &config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &config, nil
|
||||
}
|
|
@ -0,0 +1,80 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"gitea.urkob.com/urko/gitea-webhook-listener/kit/config"
|
||||
)
|
||||
|
||||
func main() {
|
||||
cfg, err := config.LoadConfig(".configs/app.yml")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
http.HandleFunc("/payload", handlePayload(cfg.Secret, cfg.BinaryPath, cfg.ScriptPath))
|
||||
http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), nil)
|
||||
}
|
||||
|
||||
func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWriter, r *http.Request) {
|
||||
return (func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Read the request body
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to read request body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
// Verify the signature
|
||||
if !verifySignature(body, r.Header.Get("X-Hub-Signature-256"), []byte(secret)) {
|
||||
http.Error(w, "Signatures didn't match", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse the JSON payload
|
||||
var payload interface{}
|
||||
err = json.Unmarshal(body, &payload)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to parse JSON payload", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO: Do something with the payload
|
||||
fmt.Fprintf(w, "I got some JSON: %v", payload)
|
||||
|
||||
if err := execute(binaryPath, scriptPath); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func execute(binaryPath, scriptPath string) error {
|
||||
cmd := exec.Command(binaryPath, scriptPath)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return fmt.Errorf("cmd.Run %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func verifySignature(payload []byte, signature string, secret []byte) bool {
|
||||
// Compute the expected signature
|
||||
mac := hmac.New(sha256.New, secret)
|
||||
mac.Write(payload)
|
||||
expectedSignature := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
// Compare the expected signature with the actual signature
|
||||
return hmac.Equal([]byte(signature), []byte("sha256="+expectedSignature))
|
||||
}
|
Loading…
Reference in New Issue