def _validUser(self, opt, slug, cfg, data):
val = cfg.get("auth.user.%s" % opt, fallback = '')
if val != '':
try:
x = data['actor'][opt]
if not x in self._ls(val):
raise error(304, "%s no action: user %s %s" % (slug, opt, x))
except KeyError:
raise error(403, "%s forbidden: no user %s" % (slug, opt))
def _authRepo(self, opt, slug, cfg, data):
val = cfg.get("auth.%s" % opt, fallback = '')
if val != '':
try:
x = data['repository'][opt]
if x != val:
raise error(403, "%s forbidden: %s %s" % (slug, opt, x))
except KeyError:
raise error(403, "%s forbidden: no %s" % (slug, opt))
def handle(task, action):
log.debug("exec handle: %s %s" % (task, action))
taskman = _taskman.get(task, None)
if taskman is None:
raise error(500, "listen.exec task %s: no manager" % task)
try:
args = json.load(request.body)
taskman.hook(action, args)
except Exception as err:
raise error(500, "%s" % err)
return 'OK\n'
def __init__(self, provider, name):
self._slug = "%s/%s" % (provider, name)
prov = _provider.get(provider, None)
if prov is None:
raise error(400, "webhook invalid provider: %s" % provider)
sect = "webhook.repo:%s" % name
if not wapp.config.has_section(sect):
sect = "sadm.webhook:%s" % name
if not wapp.config.has_section(sect):
raise error(400,
"webhook %s repo not found: %s" % (provider, name))
self._cfg = wapp.config[sect]
self._prov = prov
self._loadProvider(self._cfg, provider, name)
self._loadRepo(self._cfg)
def exec(self, req, action):
log.debug("%s exec %s" % (self._slug, action))
# TODO: check self._cfg.getboolean(action... if disabled raise error 400
# or just 200 with an "action disabled" message?
# read body, it should be a valid json string
try:
obj = json.loads(req.body.read())
except JSONDecodeError as err:
raise error(400, "webhook %s: %s" % (self._slug, err))
# authorize request info and json data
self._prov.auth(self._slug, req, self._cfg, obj)
# validate request data
self._prov.validate(self._slug, self._cfg, obj)
# get repo info from request data
args = self._prov.repoArgs(self._slug, self._cfg, action, obj)
# dispatch task
task = "webhook.repo.%s" % self._repoVCS
try:
dispatch(req, task, action, args)
except CommandError as err:
raise error(500, "webhook %s: %s" % (self._slug, err))
def repoArgs(self, slug, cfg, action, data):
args = {
'repo.path': cfg.get('path'),
'repo.branch': cfg.get('branch', fallback = 'master'),
}
try:
actionData = data[action]['changes'][0]['new']
chtype = actionData['type']
branch = actionData['name']
target = actionData['target']
ttype = target['type']
thash = target['hash'].strip()
except KeyError as err:
raise error(403, "%s forbidden: args %s" % (slug, err))
if chtype != 'branch':
raise error(304, "%s no action: change type %s" % (slug, chtype))
if branch != args['repo.branch']:
raise error(304, "%s no action: branch %s" % (slug, branch))
if ttype != 'commit':
raise error(304, "%s no action: target type %s" % (slug, ttype))
if thash == '':
raise error(403, "%s forbidden: target hash is empty" % slug)
args['repo.checkout'] = thash
return args
def _loadRepo(self, cfg):
vcs = cfg.get('vcs', fallback='git')
if not _validVCS.get(vcs, False):
raise error(400, "webhook %s: invalid vcs: %s" % (self._slug, vcs))
self._repoVCS = vcs
def _loadProvider(self, cfg, provider, name):
rProv = cfg.get('provider', fallback='none')
if rProv != provider:
raise error(
400, "webhook %s: invalid provider: %s" % (self._slug, rProv))