sheppy/simple-webhook-handler
1
0
Fork 0
mirror of https://github.com/FAUSheppy/simple-webhook-handler synced 2025-12-06 20:21:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

implement github support

Browse Source
This commit is contained in:
Yannik Schmidt
2020-09-18 05:25:18 +02:00
parent 919d358b53
commit 34fae6f57a
1 changed files with 30 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
webhook_listener.py
View File

@@ -5,6 +5,8 @@ import argparse
import json import json
import os import os
import subprocess import subprocess
import hashlib
import hmac
app = flask.Flask("webhook-listener") app = flask.Flask("webhook-listener")
app.config["EXEC_CONFIG"] = "webhook.config" app.config["EXEC_CONFIG"] = "webhook.config"
@@ -28,36 +30,56 @@ def rootPage():
data = flask.request.json data = flask.request.json
if data == None: if data == None:
retString = "POST-request is missing payload." retString = "POST-request is missing payload."
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_UNPROCESSABLE) return (retString, HTTP_UNPROCESSABLE)
print(json.dumps(flask.request.json, indent=4, sort_keys=True)) print(json.dumps(flask.request.json, indent=4, sort_keys=True))
# check for project in request # check for project in request
project = None project = None
githubMode = False
try: try:
project = data["project"][PROJECT_IDENTIFIER] if "project" in data: # gitlab
project = data["project"][PROJECT_IDENTIFIER]
if "repository" in data: #github
project = data["repository"]["html_url"]
githubMode = True
except KeyError: except KeyError:
retString = "Rejected: missing project/{} json path".format(PROJECT_IDENTIFIER) retString = "Rejected: missing project/{} json path".format(PROJECT_IDENTIFIER)
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_UNPROCESSABLE) return (retString, HTTP_UNPROCESSABLE)
# check for project in config # # check for project in config #
if not project or project not in config: if not project or project not in config:
retString = "Rejected: project not identified in config" retString = "Rejected: project not identified in config"
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_NOT_FOUND) return (retString, HTTP_NOT_FOUND)
token, scriptName = config[project] token, scriptName = config[project]
# check authentification # # check authentification #
if TOKEN_HEADER not in flask.request.headers: GITHUB_HEADER = "X-Hub-Signature"
if githubMode:
if GITHUB_HEADER not in flask.request.headers:
retString = "{} not found in headers".format(GITHUB_HEADER)
print(retString)
return (retString, HTTP_FORBIDDEN)
else:
hmacRemote = flask.request.headers[GITHUB_HEADER]
hmacLocal = hmac.new(token.encode(), flask.request.data, hashlib.sha1).hexdigest()
hmacLocal = "sha1=" + hmacLocal
if not hmacLocal == hmacRemote:
retString = "Rejected: Hash found but is mismatch"
print(retString)
return (retString, HTTP_FORBIDDEN)
elif TOKEN_HEADER not in flask.request.headers:
retString = "Rejected: secret token not found in request" retString = "Rejected: secret token not found in request"
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_FORBIDDEN) return (retString, HTTP_FORBIDDEN)
elif token != flask.request.headers[TOKEN_HEADER]: elif token != flask.request.headers[TOKEN_HEADER]:
retString = "Rejected: secret token found but is mismatch" retString = "Rejected: secret token found but is mismatch"
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_FORBIDDEN) return (retString, HTTP_FORBIDDEN)
# try to execute script # # try to execute script #
@@ -65,7 +87,7 @@ def rootPage():
executeScript(scriptName) executeScript(scriptName)
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
retString = "Failed: script execution on the server failed" retString = "Failed: script execution on the server failed"
print(retString, file=sys.stderr) print(retString)
return (retString, HTTP_INTERNAL_ERR) return (retString, HTTP_INTERNAL_ERR)
# signal successfull completion # # signal successfull completion #