Платформа ЦРНП "Мирокод" для разработки проектов
https://git.mirocod.ru
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
312 lines
7.9 KiB
312 lines
7.9 KiB
// Copyright 2019 The Gitea Authors. All rights reserved. |
|
// Use of this source code is governed by a MIT-style |
|
// license that can be found in the LICENSE file. |
|
|
|
package webhook |
|
|
|
import ( |
|
"context" |
|
"crypto/hmac" |
|
"crypto/sha1" |
|
"crypto/sha256" |
|
"crypto/tls" |
|
"encoding/hex" |
|
"fmt" |
|
"io" |
|
"net/http" |
|
"net/url" |
|
"strconv" |
|
"strings" |
|
"sync" |
|
"time" |
|
|
|
webhook_model "code.gitea.io/gitea/models/webhook" |
|
"code.gitea.io/gitea/modules/graceful" |
|
"code.gitea.io/gitea/modules/hostmatcher" |
|
"code.gitea.io/gitea/modules/log" |
|
"code.gitea.io/gitea/modules/proxy" |
|
"code.gitea.io/gitea/modules/setting" |
|
|
|
"github.com/gobwas/glob" |
|
) |
|
|
|
// Deliver deliver hook task |
|
func Deliver(t *webhook_model.HookTask) error { |
|
w, err := webhook_model.GetWebhookByID(t.HookID) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
defer func() { |
|
err := recover() |
|
if err == nil { |
|
return |
|
} |
|
// There was a panic whilst delivering a hook... |
|
log.Error("PANIC whilst trying to deliver webhook[%d] for repo[%d] to %s Panic: %v\nStacktrace: %s", t.ID, t.RepoID, w.URL, err, log.Stack(2)) |
|
}() |
|
|
|
t.IsDelivered = true |
|
|
|
var req *http.Request |
|
|
|
switch w.HTTPMethod { |
|
case "": |
|
log.Info("HTTP Method for webhook %d empty, setting to POST as default", t.ID) |
|
fallthrough |
|
case http.MethodPost: |
|
switch w.ContentType { |
|
case webhook_model.ContentTypeJSON: |
|
req, err = http.NewRequest("POST", w.URL, strings.NewReader(t.PayloadContent)) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
req.Header.Set("Content-Type", "application/json") |
|
case webhook_model.ContentTypeForm: |
|
var forms = url.Values{ |
|
"payload": []string{t.PayloadContent}, |
|
} |
|
|
|
req, err = http.NewRequest("POST", w.URL, strings.NewReader(forms.Encode())) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") |
|
} |
|
case http.MethodGet: |
|
u, err := url.Parse(w.URL) |
|
if err != nil { |
|
return err |
|
} |
|
vals := u.Query() |
|
vals["payload"] = []string{t.PayloadContent} |
|
u.RawQuery = vals.Encode() |
|
req, err = http.NewRequest("GET", u.String(), nil) |
|
if err != nil { |
|
return err |
|
} |
|
case http.MethodPut: |
|
switch w.Type { |
|
case webhook_model.MATRIX: |
|
req, err = getMatrixHookRequest(w, t) |
|
if err != nil { |
|
return err |
|
} |
|
default: |
|
return fmt.Errorf("invalid http method for webhook: [%d] %v", t.ID, w.HTTPMethod) |
|
} |
|
default: |
|
return fmt.Errorf("invalid http method for webhook: [%d] %v", t.ID, w.HTTPMethod) |
|
} |
|
|
|
var signatureSHA1 string |
|
var signatureSHA256 string |
|
if len(w.Secret) > 0 { |
|
sig1 := hmac.New(sha1.New, []byte(w.Secret)) |
|
sig256 := hmac.New(sha256.New, []byte(w.Secret)) |
|
_, err = io.MultiWriter(sig1, sig256).Write([]byte(t.PayloadContent)) |
|
if err != nil { |
|
log.Error("prepareWebhooks.sigWrite: %v", err) |
|
} |
|
signatureSHA1 = hex.EncodeToString(sig1.Sum(nil)) |
|
signatureSHA256 = hex.EncodeToString(sig256.Sum(nil)) |
|
} |
|
|
|
event := t.EventType.Event() |
|
eventType := string(t.EventType) |
|
req.Header.Add("X-Gitea-Delivery", t.UUID) |
|
req.Header.Add("X-Gitea-Event", event) |
|
req.Header.Add("X-Gitea-Event-Type", eventType) |
|
req.Header.Add("X-Gitea-Signature", signatureSHA256) |
|
req.Header.Add("X-Gogs-Delivery", t.UUID) |
|
req.Header.Add("X-Gogs-Event", event) |
|
req.Header.Add("X-Gogs-Event-Type", eventType) |
|
req.Header.Add("X-Gogs-Signature", signatureSHA256) |
|
req.Header.Add("X-Hub-Signature", "sha1="+signatureSHA1) |
|
req.Header.Add("X-Hub-Signature-256", "sha256="+signatureSHA256) |
|
req.Header["X-GitHub-Delivery"] = []string{t.UUID} |
|
req.Header["X-GitHub-Event"] = []string{event} |
|
req.Header["X-GitHub-Event-Type"] = []string{eventType} |
|
|
|
// Record delivery information. |
|
t.RequestInfo = &webhook_model.HookRequest{ |
|
URL: req.URL.String(), |
|
HTTPMethod: req.Method, |
|
Headers: map[string]string{}, |
|
} |
|
for k, vals := range req.Header { |
|
t.RequestInfo.Headers[k] = strings.Join(vals, ",") |
|
} |
|
|
|
t.ResponseInfo = &webhook_model.HookResponse{ |
|
Headers: map[string]string{}, |
|
} |
|
|
|
defer func() { |
|
t.Delivered = time.Now().UnixNano() |
|
if t.IsSucceed { |
|
log.Trace("Hook delivered: %s", t.UUID) |
|
} else { |
|
log.Trace("Hook delivery failed: %s", t.UUID) |
|
} |
|
|
|
if err := webhook_model.UpdateHookTask(t); err != nil { |
|
log.Error("UpdateHookTask [%d]: %v", t.ID, err) |
|
} |
|
|
|
// Update webhook last delivery status. |
|
if t.IsSucceed { |
|
w.LastStatus = webhook_model.HookStatusSucceed |
|
} else { |
|
w.LastStatus = webhook_model.HookStatusFail |
|
} |
|
if err = webhook_model.UpdateWebhookLastStatus(w); err != nil { |
|
log.Error("UpdateWebhookLastStatus: %v", err) |
|
return |
|
} |
|
}() |
|
|
|
if setting.DisableWebhooks { |
|
return fmt.Errorf("webhook task skipped (webhooks disabled): [%d]", t.ID) |
|
} |
|
|
|
resp, err := webhookHTTPClient.Do(req.WithContext(graceful.GetManager().ShutdownContext())) |
|
if err != nil { |
|
t.ResponseInfo.Body = fmt.Sprintf("Delivery: %v", err) |
|
return err |
|
} |
|
defer resp.Body.Close() |
|
|
|
// Status code is 20x can be seen as succeed. |
|
t.IsSucceed = resp.StatusCode/100 == 2 |
|
t.ResponseInfo.Status = resp.StatusCode |
|
for k, vals := range resp.Header { |
|
t.ResponseInfo.Headers[k] = strings.Join(vals, ",") |
|
} |
|
|
|
p, err := io.ReadAll(resp.Body) |
|
if err != nil { |
|
t.ResponseInfo.Body = fmt.Sprintf("read body: %s", err) |
|
return err |
|
} |
|
t.ResponseInfo.Body = string(p) |
|
return nil |
|
} |
|
|
|
// DeliverHooks checks and delivers undelivered hooks. |
|
// FIXME: graceful: This would likely benefit from either a worker pool with dummy queue |
|
// or a full queue. Then more hooks could be sent at same time. |
|
func DeliverHooks(ctx context.Context) { |
|
select { |
|
case <-ctx.Done(): |
|
return |
|
default: |
|
} |
|
tasks, err := webhook_model.FindUndeliveredHookTasks() |
|
if err != nil { |
|
log.Error("DeliverHooks: %v", err) |
|
return |
|
} |
|
|
|
// Update hook task status. |
|
for _, t := range tasks { |
|
select { |
|
case <-ctx.Done(): |
|
return |
|
default: |
|
} |
|
if err = Deliver(t); err != nil { |
|
log.Error("deliver: %v", err) |
|
} |
|
} |
|
|
|
// Start listening on new hook requests. |
|
for { |
|
select { |
|
case <-ctx.Done(): |
|
hookQueue.Close() |
|
return |
|
case repoIDStr := <-hookQueue.Queue(): |
|
log.Trace("DeliverHooks [repo_id: %v]", repoIDStr) |
|
hookQueue.Remove(repoIDStr) |
|
|
|
repoID, err := strconv.ParseInt(repoIDStr, 10, 64) |
|
if err != nil { |
|
log.Error("Invalid repo ID: %s", repoIDStr) |
|
continue |
|
} |
|
|
|
tasks, err := webhook_model.FindRepoUndeliveredHookTasks(repoID) |
|
if err != nil { |
|
log.Error("Get repository [%d] hook tasks: %v", repoID, err) |
|
continue |
|
} |
|
for _, t := range tasks { |
|
select { |
|
case <-ctx.Done(): |
|
return |
|
default: |
|
} |
|
if err = Deliver(t); err != nil { |
|
log.Error("deliver: %v", err) |
|
} |
|
} |
|
} |
|
} |
|
|
|
} |
|
|
|
var ( |
|
webhookHTTPClient *http.Client |
|
once sync.Once |
|
hostMatchers []glob.Glob |
|
) |
|
|
|
func webhookProxy() func(req *http.Request) (*url.URL, error) { |
|
if setting.Webhook.ProxyURL == "" { |
|
return proxy.Proxy() |
|
} |
|
|
|
once.Do(func() { |
|
for _, h := range setting.Webhook.ProxyHosts { |
|
if g, err := glob.Compile(h); err == nil { |
|
hostMatchers = append(hostMatchers, g) |
|
} else { |
|
log.Error("glob.Compile %s failed: %v", h, err) |
|
} |
|
} |
|
}) |
|
|
|
return func(req *http.Request) (*url.URL, error) { |
|
for _, v := range hostMatchers { |
|
if v.Match(req.URL.Host) { |
|
return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req) |
|
} |
|
} |
|
return http.ProxyFromEnvironment(req) |
|
} |
|
} |
|
|
|
// InitDeliverHooks starts the hooks delivery thread |
|
func InitDeliverHooks() { |
|
timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second |
|
|
|
allowedHostListValue := setting.Webhook.AllowedHostList |
|
if allowedHostListValue == "" { |
|
allowedHostListValue = hostmatcher.MatchBuiltinExternal |
|
} |
|
allowedHostMatcher := hostmatcher.ParseHostMatchList("webhook.ALLOWED_HOST_LIST", allowedHostListValue) |
|
|
|
webhookHTTPClient = &http.Client{ |
|
Timeout: timeout, |
|
Transport: &http.Transport{ |
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify}, |
|
Proxy: webhookProxy(), |
|
DialContext: hostmatcher.NewDialContext("webhook", allowedHostMatcher, nil), |
|
}, |
|
} |
|
|
|
go graceful.GetManager().RunWithShutdownContext(DeliverHooks) |
|
}
|
|
|