235 lines
6 KiB
Go
235 lines
6 KiB
Go
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package webhook
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/models"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/modules/sync"
|
|
"github.com/gobwas/glob"
|
|
)
|
|
|
|
type webhook struct {
|
|
name models.HookTaskType
|
|
payloadCreator func(p api.Payloader, event models.HookEventType, meta string) (api.Payloader, error)
|
|
}
|
|
|
|
var (
|
|
webhooks = map[models.HookTaskType]*webhook{
|
|
models.SLACK: {
|
|
name: models.SLACK,
|
|
payloadCreator: GetSlackPayload,
|
|
},
|
|
models.DISCORD: {
|
|
name: models.DISCORD,
|
|
payloadCreator: GetDiscordPayload,
|
|
},
|
|
models.DINGTALK: {
|
|
name: models.DINGTALK,
|
|
payloadCreator: GetDingtalkPayload,
|
|
},
|
|
models.TELEGRAM: {
|
|
name: models.TELEGRAM,
|
|
payloadCreator: GetTelegramPayload,
|
|
},
|
|
models.MSTEAMS: {
|
|
name: models.MSTEAMS,
|
|
payloadCreator: GetMSTeamsPayload,
|
|
},
|
|
models.FEISHU: {
|
|
name: models.FEISHU,
|
|
payloadCreator: GetFeishuPayload,
|
|
},
|
|
models.MATRIX: {
|
|
name: models.MATRIX,
|
|
payloadCreator: GetMatrixPayload,
|
|
},
|
|
}
|
|
)
|
|
|
|
// RegisterWebhook registers a webhook
|
|
func RegisterWebhook(name string, webhook *webhook) {
|
|
webhooks[models.HookTaskType(strings.TrimSpace(name))] = webhook
|
|
}
|
|
|
|
// IsValidHookTaskType returns true if a webhook registered
|
|
func IsValidHookTaskType(name string) bool {
|
|
if name == models.GITEA || name == models.GOGS {
|
|
return true
|
|
}
|
|
_, ok := webhooks[models.HookTaskType(strings.TrimSpace(name))]
|
|
return ok
|
|
}
|
|
|
|
// hookQueue is a global queue of web hooks
|
|
var hookQueue = sync.NewUniqueQueue(setting.Webhook.QueueLength)
|
|
|
|
// getPayloadBranch returns branch for hook event, if applicable.
|
|
func getPayloadBranch(p api.Payloader) string {
|
|
switch pp := p.(type) {
|
|
case *api.CreatePayload:
|
|
if pp.RefType == "branch" {
|
|
return pp.Ref
|
|
}
|
|
case *api.DeletePayload:
|
|
if pp.RefType == "branch" {
|
|
return pp.Ref
|
|
}
|
|
case *api.PushPayload:
|
|
if strings.HasPrefix(pp.Ref, git.BranchPrefix) {
|
|
return pp.Ref[len(git.BranchPrefix):]
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// PrepareWebhook adds special webhook to task queue for given payload.
|
|
func PrepareWebhook(w *models.Webhook, repo *models.Repository, event models.HookEventType, p api.Payloader) error {
|
|
if err := prepareWebhook(w, repo, event, p); err != nil {
|
|
return err
|
|
}
|
|
|
|
go hookQueue.Add(repo.ID)
|
|
return nil
|
|
}
|
|
|
|
func checkBranch(w *models.Webhook, branch string) bool {
|
|
if w.BranchFilter == "" || w.BranchFilter == "*" {
|
|
return true
|
|
}
|
|
|
|
g, err := glob.Compile(w.BranchFilter)
|
|
if err != nil {
|
|
// should not really happen as BranchFilter is validated
|
|
log.Error("CheckBranch failed: %s", err)
|
|
return false
|
|
}
|
|
|
|
return g.Match(branch)
|
|
}
|
|
|
|
func prepareWebhook(w *models.Webhook, repo *models.Repository, event models.HookEventType, p api.Payloader) error {
|
|
for _, e := range w.EventCheckers() {
|
|
if event == e.Type {
|
|
if !e.Has() {
|
|
return nil
|
|
}
|
|
}
|
|
}
|
|
|
|
// Avoid sending "0 new commits" to non-integration relevant webhooks (e.g. slack, discord, etc.).
|
|
// Integration webhooks (e.g. drone) still receive the required data.
|
|
if pushEvent, ok := p.(*api.PushPayload); ok &&
|
|
w.Type != models.GITEA && w.Type != models.GOGS &&
|
|
len(pushEvent.Commits) == 0 {
|
|
return nil
|
|
}
|
|
|
|
// If payload has no associated branch (e.g. it's a new tag, issue, etc.),
|
|
// branch filter has no effect.
|
|
if branch := getPayloadBranch(p); branch != "" {
|
|
if !checkBranch(w, branch) {
|
|
log.Info("Branch %q doesn't match branch filter %q, skipping", branch, w.BranchFilter)
|
|
return nil
|
|
}
|
|
}
|
|
|
|
var payloader api.Payloader
|
|
var err error
|
|
webhook, ok := webhooks[strings.TrimSpace(w.Type)] // NOTICE: w.Type maynot be trimmed before store into database
|
|
if ok {
|
|
payloader, err = webhook.payloadCreator(p, event, w.Meta)
|
|
if err != nil {
|
|
return fmt.Errorf("create payload for %s[%s]: %v", w.Type, event, err)
|
|
}
|
|
} else {
|
|
p.SetSecret(w.Secret)
|
|
payloader = p
|
|
}
|
|
|
|
var signature string
|
|
if len(w.Secret) > 0 {
|
|
data, err := payloader.JSONPayload()
|
|
if err != nil {
|
|
log.Error("prepareWebhooks.JSONPayload: %v", err)
|
|
}
|
|
sig := hmac.New(sha256.New, []byte(w.Secret))
|
|
_, err = sig.Write(data)
|
|
if err != nil {
|
|
log.Error("prepareWebhooks.sigWrite: %v", err)
|
|
}
|
|
signature = hex.EncodeToString(sig.Sum(nil))
|
|
}
|
|
|
|
if err = models.CreateHookTask(&models.HookTask{
|
|
RepoID: repo.ID,
|
|
HookID: w.ID,
|
|
Typ: w.Type,
|
|
URL: w.URL,
|
|
Signature: signature,
|
|
Payloader: payloader,
|
|
HTTPMethod: w.HTTPMethod,
|
|
ContentType: w.ContentType,
|
|
EventType: event,
|
|
IsSSL: w.IsSSL,
|
|
}); err != nil {
|
|
return fmt.Errorf("CreateHookTask: %v", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PrepareWebhooks adds new webhooks to task queue for given payload.
|
|
func PrepareWebhooks(repo *models.Repository, event models.HookEventType, p api.Payloader) error {
|
|
if err := prepareWebhooks(repo, event, p); err != nil {
|
|
return err
|
|
}
|
|
|
|
go hookQueue.Add(repo.ID)
|
|
return nil
|
|
}
|
|
|
|
func prepareWebhooks(repo *models.Repository, event models.HookEventType, p api.Payloader) error {
|
|
ws, err := models.GetActiveWebhooksByRepoID(repo.ID)
|
|
if err != nil {
|
|
return fmt.Errorf("GetActiveWebhooksByRepoID: %v", err)
|
|
}
|
|
|
|
// check if repo belongs to org and append additional webhooks
|
|
if repo.MustOwner().IsOrganization() {
|
|
// get hooks for org
|
|
orgHooks, err := models.GetActiveWebhooksByOrgID(repo.OwnerID)
|
|
if err != nil {
|
|
return fmt.Errorf("GetActiveWebhooksByOrgID: %v", err)
|
|
}
|
|
ws = append(ws, orgHooks...)
|
|
}
|
|
|
|
// Add any admin-defined system webhooks
|
|
systemHooks, err := models.GetSystemWebhooks()
|
|
if err != nil {
|
|
return fmt.Errorf("GetSystemWebhooks: %v", err)
|
|
}
|
|
ws = append(ws, systemHooks...)
|
|
|
|
if len(ws) == 0 {
|
|
return nil
|
|
}
|
|
|
|
for _, w := range ws {
|
|
if err = prepareWebhook(w, repo, event, p); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|