check token
parent
f8ccfbad22
commit
7332471fc5
|
@ -10,5 +10,6 @@ class Gitea::Payload
|
||||||
include JSON::Serializable
|
include JSON::Serializable
|
||||||
|
|
||||||
property repository : Repository
|
property repository : Repository
|
||||||
|
property secret : String
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
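Review bot: `property secret : String` is non-nilable and has no default, so with `JSON::Serializable` a Gitea delivery whose body lacks `secret` fails inside `from_json` instead of reaching the token check. Declaring it as `property secret : String?` and treating `nil` as a failed check would turn that case into an explicit rejection. Because this secret travels in the request body, it is also written to disk by `File.write(path_jsonfile, payload.content)` in the server file, so either strip the field before writing or restrict that file's permissions. The rest of `Gitea::Payload` lies outside this hunk.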
@ -1,4 +1,7 @@
|
||||||
require "json"
|
require "json"
|
||||||
|
require "openssl/hmac"
|
||||||
|
require "openssl/sha1"
|
||||||
|
|
||||||
require "./gitea.cr"
|
require "./gitea.cr"
|
||||||
require "./github.cr"
|
require "./github.cr"
|
||||||
require "./gitlab.cr"
|
require "./gitlab.cr"
|
||||||
|
@ -6,9 +9,10 @@ require "./gitlab.cr"
|
||||||
class Payload
|
class Payload
|
||||||
include JSON::Serializable
|
include JSON::Serializable
|
||||||
|
|
||||||
property kind : String
|
property kind : String
|
||||||
property project : String
|
property project : String
|
||||||
property content : String
|
property content : String
|
||||||
|
property secret : String = ""
|
||||||
|
|
||||||
def initialize(req : HTTP::Request)
|
def initialize(req : HTTP::Request)
|
||||||
@content = req.body.not_nil!.gets_to_end.to_s
|
@content = req.body.not_nil!.gets_to_end.to_s
|
||||||
|
@ -18,23 +22,40 @@ class Payload
|
||||||
@kind = "gitea"
|
@kind = "gitea"
|
||||||
content = Gitea::Payload.from_json @content
|
content = Gitea::Payload.from_json @content
|
||||||
@project = content.repository.full_name
|
@project = content.repository.full_name
|
||||||
|
@secret = content.secret
|
||||||
|
|
||||||
elsif agent.starts_with?("GitHub-Hookshot/") && req.headers.has_key?("X-Github-Event")
|
elsif agent.starts_with?("GitHub-Hookshot/") && req.headers.has_key?("X-Github-Event")
|
||||||
@kind = "github"
|
@kind = "github"
|
||||||
content = Github::Payload.from_json @content
|
content = Github::Payload.from_json @content
|
||||||
@project = content.repository.full_name
|
@project = content.repository.full_name
|
||||||
|
hash = req.headers.fetch("X-Hub-Signature", "None")
|
||||||
|
if hash != "None"
|
||||||
|
@secret = hash.to_s
|
||||||
|
end
|
||||||
|
|
||||||
elsif req.headers.has_key?("X-Gitlab-Event")
|
elsif req.headers.has_key?("X-Gitlab-Event")
|
||||||
@kind = "gitlab"
|
@kind = "gitlab"
|
||||||
content = Gitlab::Payload.from_json @content
|
content = Gitlab::Payload.from_json @content
|
||||||
@project = content.project.path_with_namespace
|
@project = content.project.path_with_namespace
|
||||||
|
token = req.headers.fetch("X-Gitlab-Token", "None")
|
||||||
|
if token != "None"
|
||||||
|
@secret = token.to_s
|
||||||
|
end
|
||||||
|
|
||||||
else
|
else
|
||||||
@kind = "undefined"
|
@kind = "undefined"
|
||||||
@project = "undefined"
|
@project = "undefined"
|
||||||
|
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check?(token)
|
||||||
|
pp token
|
||||||
|
pp @secret
|
||||||
|
if @kind == "github"
|
||||||
|
data = JSON.parse(@content).to_json
|
||||||
|
given_secret = "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, @secret, data)
|
||||||
|
end
|
||||||
|
|
||||||
|
token == @secret
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
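Review bot: In `check?`, the GitHub branch never verifies the signature: the HMAC is keyed with `@secret` (the `X-Hub-Signature` header value taken from the request) instead of the stored `token`, its result `given_secret` is unused, and the final `token == @secret` compares the stored token with the header. The digest is also computed over `JSON.parse(@content).to_json`, which need not be byte-identical to the body that was signed; it should be computed over `@content`. `pp token` and `pp @secret` write both secrets to the process output and should be removed. Because `secret` defaults to `""` and `==` is not constant-time, the check should reject empty values and compare with `Crypto::Subtle.constant_time_compare` (needs `require "crypto/subtle"`).

```crystal
def check?(token)
  # Fail closed: an empty token-file line must never match the "" default of @secret.
  return false if token.empty? || @secret.empty?

  expected = if @kind == "github"
               # The stored token is the HMAC key; the signed message is the raw request body.
               "sha1=" + OpenSSL::HMAC.hexdigest(:sha1, token, @content)
             else
               token
             end
  Crypto::Subtle.constant_time_compare(expected, @secret)
end
```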
@ -65,6 +65,7 @@ server = HTTP::Server.new do |context|
|
||||||
|
|
||||||
path_project = storage + "/" + payload.project
|
path_project = storage + "/" + payload.project
|
||||||
path_scriptfile = path_project + "/" + scriptname
|
path_scriptfile = path_project + "/" + scriptname
|
||||||
|
path_token = path_project + "/token"
|
||||||
path_jsonfile = path_project + "/" + jsonfile
|
path_jsonfile = path_project + "/" + jsonfile
|
||||||
|
|
||||||
scriptfile = scriptname
|
scriptfile = scriptname
|
||||||
|
@ -73,15 +74,18 @@ server = HTTP::Server.new do |context|
|
||||||
|
|
||||||
if File.exists?(path_project) == false
|
if File.exists?(path_project) == false
|
||||||
STDERR.puts "ERROR: Project #{payload.project} not found"
|
STDERR.puts "ERROR: Project #{payload.project} not found"
|
||||||
status = false
|
|
||||||
else
|
else
|
||||||
if File.exists?(path_scriptfile) == false
|
if !payload.check?(File.read_lines(path_token)[0])
|
||||||
scriptfile = path_project + "/../../../" + scriptfile_default
|
STDERR.puts "ERROR: Secret token not valid"
|
||||||
end
|
else
|
||||||
|
if File.exists?(path_scriptfile) == false
|
||||||
|
scriptfile = path_project + "/../../../" + scriptfile_default
|
||||||
|
end
|
||||||
|
|
||||||
File.write(path_jsonfile, payload.content)
|
File.write(path_jsonfile, payload.content)
|
||||||
status = Process.run command: "zsh", args: [scriptfile], shell: true,
|
status = Process.run command: "zsh", args: [scriptfile], shell: true,
|
||||||
error: STDERR, output: STDOUT, chdir: path_project
|
error: STDERR, output: STDOUT, chdir: path_project
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context.response.content_type = "text/plain"
|
context.response.content_type = "text/plain"
|
||||||
|
|
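Review bot: The token lookup `File.read_lines(path_token)[0]` raises when the project has no `token` file or the file is empty, and the rejected-token branch only prints to STDERR; neither path sets `status`, and the old `status = false` in the project-not-found branch appears to be gone on the new side. How `status` drives the response is outside this hunk, so please confirm that a missing or wrong token produces an explicit rejection, e.g. `context.response.status = HTTP::Status::UNAUTHORIZED` in that branch. `path_token` is also built from `payload.project`, which is read from the request body before any authentication; the name should be validated (no `..` or empty segments) before it selects which token file is trusted.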