added webhook plugin v1
parent
ad78194372
commit
3e8b71333e
@ -0,0 +1,38 @@
|
||||
// Copyright 2018 Drone.IO Inc.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package webhook
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/drone/drone-go/plugin/internal/client"
|
||||
)
|
||||
|
||||
// Client returns a new plugin client.
|
||||
func Client(endpoint, secret string, skipverify bool) Plugin {
|
||||
client := client.New(endpoint, secret, skipverify)
|
||||
client.Accept = V1
|
||||
return &pluginClient{
|
||||
client: client,
|
||||
}
|
||||
}
|
||||
|
||||
type pluginClient struct {
|
||||
client *client.Client
|
||||
}
|
||||
|
||||
func (c *pluginClient) Deliver(ctx context.Context, in *Request) error {
|
||||
return c.client.Do(in, nil)
|
||||
}
|
@ -0,0 +1,90 @@
|
||||
// Copyright 2018 Drone.IO Inc.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package webhook
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/drone/drone-go/plugin/logger"
|
||||
|
||||
"github.com/99designs/httpsignatures-go"
|
||||
)
|
||||
|
||||
// Handler returns a http.Handler that accepts JSON-encoded
|
||||
// HTTP requests for a webhook, invokes the underlying webhook
|
||||
// plugin, and writes the JSON-encoded data to the HTTP response.
|
||||
//
|
||||
// The handler verifies the authenticity of the HTTP request
|
||||
// using the http-signature, and returns a 400 Bad Request if
|
||||
// the signature is missing or invalid.
|
||||
//
|
||||
// The handler can optionally encrypt the response body using
|
||||
// aesgcm if the HTTP request includes the Accept-Encoding header
|
||||
// set to aesgcm.
|
||||
func Handler(plugin Plugin, secret string, logs logger.Logger) http.Handler {
|
||||
handler := &handler{
|
||||
secret: secret,
|
||||
plugin: plugin,
|
||||
logger: logs,
|
||||
}
|
||||
if handler.logger == nil {
|
||||
handler.logger = logger.Discard()
|
||||
}
|
||||
return handler
|
||||
}
|
||||
|
||||
type handler struct {
|
||||
secret string
|
||||
plugin Plugin
|
||||
logger logger.Logger
|
||||
}
|
||||
|
||||
func (p *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
signature, err := httpsignatures.FromRequest(r)
|
||||
if err != nil {
|
||||
p.logger.Debugf("webhook: invalid or missing signature in http.Request")
|
||||
http.Error(w, "Invalid or Missing Signature", 400)
|
||||
return
|
||||
}
|
||||
if !signature.IsValid(p.secret, r) {
|
||||
p.logger.Debugf("webhook: invalid signature in http.Request")
|
||||
http.Error(w, "Invalid Signature", 400)
|
||||
return
|
||||
}
|
||||
|
||||
body, err := ioutil.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
p.logger.Debugf("webhook: cannot read http.Request body")
|
||||
w.WriteHeader(400)
|
||||
return
|
||||
}
|
||||
|
||||
req := &Request{}
|
||||
err = json.Unmarshal(body, req)
|
||||
if err != nil {
|
||||
p.logger.Debugf("webhook: cannot unmarshal http.Request body")
|
||||
http.Error(w, "Invalid Input", 400)
|
||||
return
|
||||
}
|
||||
|
||||
err = p.plugin.Deliver(r.Context(), req)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), 500)
|
||||
} else {
|
||||
w.WriteHeader(204)
|
||||
}
|
||||
}
|
@ -0,0 +1,126 @@
|
||||
// Copyright 2018 Drone.IO Inc.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package webhook
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/99designs/httpsignatures-go"
|
||||
)
|
||||
|
||||
func TestHandler(t *testing.T) {
|
||||
key := "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh"
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
json.NewEncoder(buf).Encode(&Request{})
|
||||
|
||||
res := httptest.NewRecorder()
|
||||
req := httptest.NewRequest("GET", "/", buf)
|
||||
req.Header.Add("Date", time.Now().UTC().Format(http.TimeFormat))
|
||||
|
||||
err := httpsignatures.DefaultSha256Signer.AuthRequest("hmac-key", key, req)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
plugin := &mockPlugin{
|
||||
err: nil,
|
||||
}
|
||||
|
||||
handler := Handler(plugin, key, nil)
|
||||
handler.ServeHTTP(res, req)
|
||||
|
||||
if got, want := res.Code, 204; got != want {
|
||||
t.Errorf("Want status code %d, got %d", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandlerError(t *testing.T) {
|
||||
key := "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh"
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
json.NewEncoder(buf).Encode(&Request{})
|
||||
|
||||
res := httptest.NewRecorder()
|
||||
req := httptest.NewRequest("GET", "/", buf)
|
||||
req.Header.Add("Date", time.Now().UTC().Format(http.TimeFormat))
|
||||
|
||||
err := httpsignatures.DefaultSha256Signer.AuthRequest("hmac-key", key, req)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
plugin := &mockPlugin{
|
||||
err: errors.New("pc load letter"),
|
||||
}
|
||||
|
||||
handler := Handler(plugin, key, nil)
|
||||
handler.ServeHTTP(res, req)
|
||||
|
||||
if got, want := res.Code, 500; got != want {
|
||||
t.Errorf("Want status code %d, got %d", want, got)
|
||||
}
|
||||
|
||||
got, want := strings.TrimSpace(res.Body.String()), plugin.err.Error()
|
||||
if got != want {
|
||||
t.Errorf("Want error %q, got %q", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandler_MissingSignature(t *testing.T) {
|
||||
res := httptest.NewRecorder()
|
||||
req := httptest.NewRequest("GET", "/", nil)
|
||||
|
||||
handler := Handler(nil, "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh", nil)
|
||||
handler.ServeHTTP(res, req)
|
||||
|
||||
got, want := res.Body.String(), "Invalid or Missing Signature\n"
|
||||
if got != want {
|
||||
t.Errorf("Want response body %q, got %q", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandler_InvalidSignature(t *testing.T) {
|
||||
sig := `keyId="hmac-key",algorithm="hmac-sha256",signature="QrS16+RlRsFjXn5IVW8tWz+3ZRAypjpNgzehEuvJksk=",headers="(request-target) accept accept-encoding content-type date digest"`
|
||||
res := httptest.NewRecorder()
|
||||
req := httptest.NewRequest("GET", "/", nil)
|
||||
req.Header.Set("Signature", sig)
|
||||
|
||||
handler := Handler(nil, "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh", nil)
|
||||
handler.ServeHTTP(res, req)
|
||||
|
||||
got, want := res.Body.String(), "Invalid Signature\n"
|
||||
if got != want {
|
||||
t.Errorf("Want response body %q, got %q", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
type mockPlugin struct {
|
||||
err error
|
||||
}
|
||||
|
||||
func (m *mockPlugin) Deliver(ctx context.Context, req *Request) error {
|
||||
return m.err
|
||||
}
|
@ -0,0 +1,40 @@
|
||||
// Copyright 2018 Drone.IO Inc.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package webhook
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/drone/drone-go/drone"
|
||||
)
|
||||
|
||||
// V1 is version 1 of the admission API
|
||||
const V1 = "application/vnd.drone.webhook.v1+json"
|
||||
|
||||
type (
|
||||
// Request defines a webhook request.
|
||||
Request struct {
|
||||
Event string `json:"-"`
|
||||
Action string `json:"action"`
|
||||
User *drone.User `json:"user,omitempty"`
|
||||
Repo *drone.Repo `json:"repo,omitempty"`
|
||||
Build *drone.Build `json:"build,omitempty"`
|
||||
}
|
||||
|
||||
// Plugin responds to a webhook request.
|
||||
Plugin interface {
|
||||
Deliver(context.Context, *Request) error
|
||||
}
|
||||
)
|
Loading…
Reference in New Issue