site_hook 0.6.2 → 0.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/site_hook.rb +52 -46
- data/lib/site_hook/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 403f0b055ec58b6cf996dc94331b21b602f3ebc137721a7179f461f26db91a96
|
|
4
|
+
data.tar.gz: d01d26c3b0c0715f20f71212af872ebc27e817662a096a9974ad1daf15d5b457
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28b7820163b848829744517e4478ab1f700b54168d299f55ca484100bb97cff5d5d17b1e7542f61fbb1e50741b66ab1e93587fe0347e96adb5ce1fa04354dddb
|
|
7
|
+
data.tar.gz: 76efc64a030c3e189b59b7a6e4d97238855d72ba1be0a6f543c0c3e266baf94826ea2442e73c8de243be9d90bcd1a5311bac35790748d4ab1c04dd49b7457273
|
data/lib/site_hook.rb
CHANGED
|
@@ -57,25 +57,28 @@ module SiteHook
|
|
|
57
57
|
# @param [String] sig Signature or token from git service
|
|
58
58
|
# @param [String] secret User-defined verification token
|
|
59
59
|
# @param [Boolean] plaintext Whether the verification is plaintext
|
|
60
|
-
def Webhook.verified?(body, sig, secret, plaintext:, service:)
|
|
61
|
-
if
|
|
62
|
-
|
|
63
|
-
else false
|
|
64
|
-
end
|
|
65
|
-
else case service
|
|
66
|
-
when 'gogs'
|
|
67
|
-
if sig == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, body)
|
|
68
|
-
APPLOG.debug "Secret verified: #{sig} === #{OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, body)}"
|
|
60
|
+
def Webhook.verified?(body, sig, secret, plaintext:, service:)
|
|
61
|
+
if plaintext
|
|
62
|
+
if sig === secret
|
|
69
63
|
true
|
|
64
|
+
else
|
|
65
|
+
false
|
|
70
66
|
end
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
67
|
+
else
|
|
68
|
+
case service
|
|
69
|
+
when 'gogs'
|
|
70
|
+
if sig == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, body)
|
|
71
|
+
APPLOG.debug "Secret verified: #{sig} === #{OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, body)}"
|
|
72
|
+
true
|
|
73
|
+
end
|
|
74
|
+
when 'github'
|
|
75
|
+
if sig == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, body)
|
|
76
|
+
APPLOG.debug "Secret verified: #{sig} === #{OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, body)}"
|
|
77
|
+
true
|
|
78
|
+
end
|
|
75
79
|
end
|
|
76
|
-
end
|
|
77
80
|
|
|
78
|
-
|
|
81
|
+
end
|
|
79
82
|
end
|
|
80
83
|
|
|
81
84
|
get '/' do
|
|
@@ -105,7 +108,8 @@ module SiteHook
|
|
|
105
108
|
get '/webhook/*' do
|
|
106
109
|
if params[:splat]
|
|
107
110
|
pass
|
|
108
|
-
else
|
|
111
|
+
else
|
|
112
|
+
halt 405, {'Content-Type' => 'application/json'}, {message: 'GET not allowed'}.to_json
|
|
109
113
|
end
|
|
110
114
|
|
|
111
115
|
end
|
|
@@ -147,14 +151,15 @@ module SiteHook
|
|
|
147
151
|
}
|
|
148
152
|
events_m_e = events.values.one?
|
|
149
153
|
case events_m_e
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
154
|
+
when true
|
|
155
|
+
event = 'push'
|
|
156
|
+
service = events.select { |key, value| value }.keys.first
|
|
157
|
+
when false
|
|
158
|
+
halt 400, {'Content-Type' => 'application/json'}, {message: 'events are mutually exclusive', status: 'failure'
|
|
159
|
+
}.to_json
|
|
160
|
+
|
|
161
|
+
else
|
|
162
|
+
halt 400, {'Content-Type' => 'application/json'}, {'status': 'failure', 'message': 'something weird happened'
|
|
158
163
|
}
|
|
159
164
|
end
|
|
160
165
|
if event != 'push'
|
|
@@ -163,18 +168,18 @@ module SiteHook
|
|
|
163
168
|
end
|
|
164
169
|
end
|
|
165
170
|
case service
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
171
|
+
when 'gitlab'
|
|
172
|
+
signature = request.env.fetch('HTTP_X_GITLAB_TOKEN', '')
|
|
173
|
+
plaintext = true
|
|
174
|
+
when 'github'
|
|
175
|
+
signature = request.env.fetch('HTTP_X_HUB_SIGNATURE', ''
|
|
176
|
+
).sub!(/^sha1=/, ''
|
|
177
|
+
)
|
|
178
|
+
plaintext = false
|
|
174
179
|
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
180
|
+
when 'gogs'
|
|
181
|
+
signature = request.env.fetch('HTTP_X_GOGS_SIGNATURE', '')
|
|
182
|
+
plaintext = false
|
|
178
183
|
end
|
|
179
184
|
if Webhook.verified?(req_body.to_s, signature, project['hookpass'], plaintext: plaintext, service: service)
|
|
180
185
|
BUILDLOG.info 'Building...'
|
|
@@ -183,19 +188,20 @@ module SiteHook
|
|
|
183
188
|
jekyll_status = jekyllbuild.fetch(:status, 1)
|
|
184
189
|
case jekyll_status
|
|
185
190
|
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
191
|
+
when 0
|
|
192
|
+
status 200
|
|
193
|
+
headers 'Content-Type' => 'application/json'
|
|
194
|
+
body { {'status': 'success'}.to_json
|
|
195
|
+
}
|
|
196
|
+
when -1, -2, -3
|
|
197
|
+
status 400
|
|
198
|
+
headers 'Content-Type' => 'application/json'
|
|
199
|
+
body { {'status': 'exception', error: "#{jekyll_status.fetch(:message)}"}
|
|
200
|
+
}
|
|
196
201
|
end
|
|
197
202
|
|
|
198
|
-
else
|
|
203
|
+
else
|
|
204
|
+
halt 403, {'Content-Type' => 'application/json'}, {message: 'incorrect secret', 'status': 'failure'}.to_json
|
|
199
205
|
end
|
|
200
206
|
end
|
|
201
207
|
post '/webhook/?' do
|
data/lib/site_hook/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: site_hook
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ken Spencer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-06-
|
|
11
|
+
date: 2018-06-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sinatra
|