added webhook plugin v1

5 years ago · 3e8b71333e
parent ad78194372
commit 3e8b71333e
5 changed files with 295 additions and 1 deletions
--- a/plugin/admission/handler.go
+++ b/plugin/admission/handler.go
@ -25,7 +25,7 @@ import (
 )

 // Handler returns a http.Handler that accepts JSON-encoded
-// HTTP requests for a config file, invokes the underlying config
+// HTTP requests for a user, invokes the underlying admission
 // plugin, and writes the JSON-encoded config to the HTTP response.
 //
 // The handler verifies the authenticity of the HTTP request
--- a/plugin/webhook/client.go
+++ b/plugin/webhook/client.go
@ -0,0 +1,38 @@
+// Copyright 2018 Drone.IO Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package webhook
+
+import (
+	"context"
+
+	"github.com/drone/drone-go/plugin/internal/client"
+)
+
+// Client returns a new plugin client.
+func Client(endpoint, secret string, skipverify bool) Plugin {
+	client := client.New(endpoint, secret, skipverify)
+	client.Accept = V1
+	return &pluginClient{
+		client: client,
+	}
+}
+
+type pluginClient struct {
+	client *client.Client
+}
+
+func (c *pluginClient) Deliver(ctx context.Context, in *Request) error {
+	return c.client.Do(in, nil)
+}
--- a/plugin/webhook/handler.go
+++ b/plugin/webhook/handler.go
@ -0,0 +1,90 @@
+// Copyright 2018 Drone.IO Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package webhook
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/drone/drone-go/plugin/logger"
+
+	"github.com/99designs/httpsignatures-go"
+)
+
+// Handler returns a http.Handler that accepts JSON-encoded
+// HTTP requests for a webhook, invokes the underlying webhook
+// plugin, and writes the JSON-encoded data to the HTTP response.
+//
+// The handler verifies the authenticity of the HTTP request
+// using the http-signature, and returns a 400 Bad Request if
+// the signature is missing or invalid.
+//
+// The handler can optionally encrypt the response body using
+// aesgcm if the HTTP request includes the Accept-Encoding header
+// set to aesgcm.
+func Handler(plugin Plugin, secret string, logs logger.Logger) http.Handler {
+	handler := &handler{
+		secret: secret,
+		plugin: plugin,
+		logger: logs,
+	}
+	if handler.logger == nil {
+		handler.logger = logger.Discard()
+	}
+	return handler
+}
+
+type handler struct {
+	secret string
+	plugin Plugin
+	logger logger.Logger
+}
+
+func (p *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	signature, err := httpsignatures.FromRequest(r)
+	if err != nil {
+		p.logger.Debugf("webhook: invalid or missing signature in http.Request")
+		http.Error(w, "Invalid or Missing Signature", 400)
+		return
+	}
+	if !signature.IsValid(p.secret, r) {
+		p.logger.Debugf("webhook: invalid signature in http.Request")
+		http.Error(w, "Invalid Signature", 400)
+		return
+	}
+
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		p.logger.Debugf("webhook: cannot read http.Request body")
+		w.WriteHeader(400)
+		return
+	}
+
+	req := &Request{}
+	err = json.Unmarshal(body, req)
+	if err != nil {
+		p.logger.Debugf("webhook: cannot unmarshal http.Request body")
+		http.Error(w, "Invalid Input", 400)
+		return
+	}
+
+	err = p.plugin.Deliver(r.Context(), req)
+	if err != nil {
+		http.Error(w, err.Error(), 500)
+	} else {
+		w.WriteHeader(204)
+	}
+}
--- a/plugin/webhook/handler_test.go
+++ b/plugin/webhook/handler_test.go
@ -0,0 +1,126 @@
+// Copyright 2018 Drone.IO Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package webhook
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/99designs/httpsignatures-go"
+)
+
+func TestHandler(t *testing.T) {
+	key := "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh"
+
+	buf := new(bytes.Buffer)
+	json.NewEncoder(buf).Encode(&Request{})
+
+	res := httptest.NewRecorder()
+	req := httptest.NewRequest("GET", "/", buf)
+	req.Header.Add("Date", time.Now().UTC().Format(http.TimeFormat))
+
+	err := httpsignatures.DefaultSha256Signer.AuthRequest("hmac-key", key, req)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	plugin := &mockPlugin{
+		err: nil,
+	}
+
+	handler := Handler(plugin, key, nil)
+	handler.ServeHTTP(res, req)
+
+	if got, want := res.Code, 204; got != want {
+		t.Errorf("Want status code %d, got %d", want, got)
+	}
+}
+
+func TestHandlerError(t *testing.T) {
+	key := "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh"
+
+	buf := new(bytes.Buffer)
+	json.NewEncoder(buf).Encode(&Request{})
+
+	res := httptest.NewRecorder()
+	req := httptest.NewRequest("GET", "/", buf)
+	req.Header.Add("Date", time.Now().UTC().Format(http.TimeFormat))
+
+	err := httpsignatures.DefaultSha256Signer.AuthRequest("hmac-key", key, req)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	plugin := &mockPlugin{
+		err: errors.New("pc load letter"),
+	}
+
+	handler := Handler(plugin, key, nil)
+	handler.ServeHTTP(res, req)
+
+	if got, want := res.Code, 500; got != want {
+		t.Errorf("Want status code %d, got %d", want, got)
+	}
+
+	got, want := strings.TrimSpace(res.Body.String()), plugin.err.Error()
+	if got != want {
+		t.Errorf("Want error %q, got %q", want, got)
+	}
+}
+
+func TestHandler_MissingSignature(t *testing.T) {
+	res := httptest.NewRecorder()
+	req := httptest.NewRequest("GET", "/", nil)
+
+	handler := Handler(nil, "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh", nil)
+	handler.ServeHTTP(res, req)
+
+	got, want := res.Body.String(), "Invalid or Missing Signature\n"
+	if got != want {
+		t.Errorf("Want response body %q, got %q", want, got)
+	}
+}
+
+func TestHandler_InvalidSignature(t *testing.T) {
+	sig := `keyId="hmac-key",algorithm="hmac-sha256",signature="QrS16+RlRsFjXn5IVW8tWz+3ZRAypjpNgzehEuvJksk=",headers="(request-target) accept accept-encoding content-type date digest"`
+	res := httptest.NewRecorder()
+	req := httptest.NewRequest("GET", "/", nil)
+	req.Header.Set("Signature", sig)
+
+	handler := Handler(nil, "xVKAGlWQiY3sOp8JVc0nbuNId3PNCgWh", nil)
+	handler.ServeHTTP(res, req)
+
+	got, want := res.Body.String(), "Invalid Signature\n"
+	if got != want {
+		t.Errorf("Want response body %q, got %q", want, got)
+	}
+}
+
+type mockPlugin struct {
+	err error
+}
+
+func (m *mockPlugin) Deliver(ctx context.Context, req *Request) error {
+	return m.err
+}
--- a/plugin/webhook/webhook.go
+++ b/plugin/webhook/webhook.go
@ -0,0 +1,40 @@
+// Copyright 2018 Drone.IO Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package webhook
+
+import (
+	"context"
+
+	"github.com/drone/drone-go/drone"
+)
+
+// V1 is version 1 of the admission API
+const V1 = "application/vnd.drone.webhook.v1+json"
+
+type (
+	// Request defines a webhook request.
+	Request struct {
+		Event  string       `json:"-"`
+		Action string       `json:"action"`
+		User   *drone.User  `json:"user,omitempty"`
+		Repo   *drone.Repo  `json:"repo,omitempty"`
+		Build  *drone.Build `json:"build,omitempty"`
+	}
+
+	// Plugin responds to a webhook request.
+	Plugin interface {
+		Deliver(context.Context, *Request) error
+	}
+)