Compare commits

..

No commits in common. "2255b1f158c4a736a2ae26eb7a966224492f934f" and "99dafce303c24388196e0a5ef0c4ff98b7def4b3" have entirely different histories.

4 changed files with 25 additions and 112 deletions

View File

@ -1,34 +0,0 @@
# Start from the official Golang base image version 1.22
FROM golang:1.22-alpine as builder
# Set the Current Working Directory inside the container
WORKDIR /app
# Copy go mod and sum files
COPY go.mod go.sum ./
# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed
RUN go mod download
# Copy the source code into the container
COPY . .
# Build the Go app
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o webhook-listener .
# Start a new stage from scratch using a slim version of Alpine for a smaller image size
FROM alpine:latest
WORKDIR /root/
# Copy the Pre-built binary file from the previous stage
COPY --from=builder /app/webhook-listener .
# Environment variable for the port, set a default value if not provided
ENV PORT=62082
# Expose the port specified by the PORT environment variable
EXPOSE $PORT
# Command to run the executable, modified to use the environment variable for the port
CMD ["./webhook-listener"]

View File

@ -1,45 +0,0 @@
#!/bin/bash
# Define variables
IMAGE_NAME="gitea-webhook-listener"
DOCKERFILE_PATH="./"
VERSION_FILE="version.txt"
REGISTRY="registry.fungimail.llc"
NAMESPACE="urko"
# Version management
if [ ! -f "$VERSION_FILE" ]; then
echo "Version file not found, creating one with version 1..."
echo "1" > $VERSION_FILE
fi
VERSION=$(cat $VERSION_FILE)
echo "Current version is $VERSION."
# Increment the version
VERSION=$((VERSION+1))
echo "Incrementing to new version $VERSION..."
echo $VERSION > $VERSION_FILE
# Step 1: Build the Docker image with the new version tag
echo "Building Docker image $IMAGE_NAME:$VERSION..."
docker build -t $IMAGE_NAME:$VERSION $DOCKERFILE_PATH
# Step 1b: Tag the image for the registry with version
FULL_IMAGE_NAME_VERSION="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${VERSION}"
echo "Tagging image for registry as $FULL_IMAGE_NAME_VERSION..."
docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_VERSION
# Step 1c: Tag the image for the registry with 'latest'
FULL_IMAGE_NAME_LATEST="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest"
echo "Tagging image for registry as $FULL_IMAGE_NAME_LATEST..."
docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_LATEST
# Step 1d: Push the versioned image to the Docker registry
echo "Pushing $FULL_IMAGE_NAME_VERSION to the Docker registry..."
docker push $FULL_IMAGE_NAME_VERSION
# Step 1e: Push the latest image to the Docker registry
echo "Pushing $FULL_IMAGE_NAME_LATEST to the Docker registry..."
docker push $FULL_IMAGE_NAME_LATEST

View File

@ -7,13 +7,10 @@ import (
)
type Config struct {
Secret string `yaml:"secret"`
Port int `yaml:"port"`
Scripts map[string]ConfigScript `yaml:"scripts"`
}
type ConfigScript struct {
BinaryPath string `yaml:"binary"`
ScriptPath string `yaml:"script"`
Secret string `yaml:"secret"`
Port int `yaml:"port"`
BinaryPath string `yaml:"binary_path"`
ScriptPath string `yaml:"script_path"`
}
func LoadConfig(path string) (*Config, error) {

47
main.go
View File

@ -1,32 +1,31 @@
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"log"
"net/http"
"os"
"os/exec"
"path"
"runtime"
"gitea.urkob.com/urko/gitea-webhook-listener/kit/config"
)
func main() {
// Get root path
_, filename, _, _ := runtime.Caller(0)
cfg, err := config.LoadConfig(path.Join(path.Dir(filename), "configs", "app.yml"))
cfg, err := config.LoadConfig(".configs/app.yml")
if err != nil {
log.Fatalf("Error loading config: %v", err)
panic(err)
}
http.HandleFunc("/", handlePayload(cfg.Secret, cfg.Scripts))
http.HandleFunc("/payload", handlePayload(cfg.Secret, cfg.BinaryPath, cfg.ScriptPath))
http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), nil)
}
func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w http.ResponseWriter, r *http.Request) {
func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWriter, r *http.Request) {
return (func(w http.ResponseWriter, r *http.Request) {
// Read the request body
body, err := io.ReadAll(r.Body)
if err != nil {
@ -35,26 +34,12 @@ func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w
}
defer r.Body.Close()
authHeader := r.Header.Get("Authorization")
log.Println("authHeader", authHeader)
if authHeader != secret {
// Verify the signature
if !verifySignature(body, r.Header.Get("X-Hub-Signature-256"), []byte(secret)) {
http.Error(w, "Signatures didn't match", http.StatusUnauthorized)
return
}
if !r.URL.Query().Has("project") {
http.Error(w, "", http.StatusBadRequest)
return
}
project := r.URL.Query().Get("project")
scr, found := scripts[project]
if !found {
http.Error(w, "not found", http.StatusNotFound)
return
}
log.Println("body", body)
// Parse the JSON payload
var payload interface{}
err = json.Unmarshal(body, &payload)
@ -66,7 +51,7 @@ func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w
// TODO: Do something with the payload
fmt.Fprintf(w, "I got some JSON: %v", payload)
if err := execute(scr.BinaryPath, scr.ScriptPath); err != nil {
if err := execute(binaryPath, scriptPath); err != nil {
panic(err)
}
})
@ -83,3 +68,13 @@ func execute(binaryPath, scriptPath string) error {
return nil
}
func verifySignature(payload []byte, signature string, secret []byte) bool {
// Compute the expected signature
mac := hmac.New(sha256.New, secret)
mac.Write(payload)
expectedSignature := hex.EncodeToString(mac.Sum(nil))
// Compare the expected signature with the actual signature
return hmac.Equal([]byte(signature), []byte("sha256="+expectedSignature))
}