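def webhook():
    """Handle a webhook delivery by posting a preview status for its commit.

    Parses the request body as UTF-8 JSON, returns 'Nevermind' when
    skip_webhook_payload() says the payload should be ignored, and otherwise
    posts a 'success' status (context 'mapzen/precog') whose target_url
    points at /<owner>/<repo>/<commit_sha>/ on this server.

    Returns:
        'Nevermind' or 'Yo.' on the normal paths, or a 403 response carrying
        the error text when the status post to api.github.com failed.

    Raises:
        ValueError: re-raised when post_github_status() fails with any other
            message.
    """
    # NOTE(review): nothing in this function authenticates the request;
    # confirm the route is wrapped by the /hook signature check before the
    # payload is trusted.
    payload = json.loads(request.data.decode('utf8'))

    if skip_webhook_payload(payload):
        return 'Nevermind'

    # NOTE(review): status_url comes out of the webhook payload through
    # get_webhook_commit_info() (not shown here) and the repository's OAuth
    # token is sent to it below -- confirm that helper pins the URL to the
    # expected GitHub API host.
    owner, repo, commit_sha, status_url = get_webhook_commit_info(
        current_app, payload)

    target_path = u'/{owner}/{repo}/{commit_sha}/'.format(
        owner=owner, repo=repo, commit_sha=commit_sha)

    status = dict(context='mapzen/precog', state='success',
                  target_url=urljoin(request.url, target_path),
                  description=u'Preview your changes')

    owner_repo = '{}/{}'.format(owner, repo)
    # token is None when the repository has no entry in HOOK_SECRETS_TOKENS.
    token = current_app.config['HOOK_SECRETS_TOKENS'].get(
        owner_repo, {}).get('token')

    try:
        post_github_status(status_url, status, (token, 'x-oauth-basic'))
    except ValueError as err:
        # Exception.message only exists on Python 2; fall back to str(err)
        # so this handler does not die with AttributeError on Python 3.
        message = getattr(err, 'message', None) or str(err)
        if message.startswith('Failed status post to https://api.github.com'):
            # The upstream error text is returned to the caller verbatim.
            return make_response(message, 403)
        raise

    return 'Yo.'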
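def decorated_function(*args, **kwargs):
    """Check the delivery's X-Hub-Signature, then call the wrapped route.

    The repository named in the JSON body selects a per-repository secret
    from HOOK_SECRETS_TOKENS. The request is answered with a JSON 401 when
    the body cannot be resolved to a repository, when no secret is
    configured for it, when the signature header is absent, or when the
    header does not equal 'sha1=' + HMAC-SHA1(secret, raw body).

    Returns:
        The result of route_function(*args, **kwargs) on a valid signature,
        otherwise a 401 Response with an {'error': ...} JSON body.
    """
    logger = getLogger('precog')

    def _unauthorized(reason):
        # Every rejection shares the same JSON 401 shape.
        return Response(json.dumps({'error': reason}), 401,
                        content_type='application/json')

    def _as_bytes(value):
        # hmac.new() and hmac.compare_digest() want byte strings of one type;
        # text values are encoded as UTF-8.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    # The body has to be parsed before it is authenticated because the
    # secret is chosen per repository; nothing from it is acted on until the
    # signature has been checked.
    try:
        webhook_payload = json.loads(request.data.decode('utf8'))
        owner, repo, _, _ = get_webhook_commit_info(
            current_app, webhook_payload)
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not turned into a 401.
        return _unauthorized('Unknown repository')

    owner_repo = '{}/{}'.format(owner, repo)
    secret_key = current_app.config['HOOK_SECRETS_TOKENS'].get(
        owner_repo, {}).get('secret')

    # Fail closed: a repository with no secret (or an empty one, which would
    # make the HMAC computable by anyone) is rejected, never waved through.
    if not secret_key:
        return _unauthorized('Missing key')

    actual = request.headers.get('X-Hub-Signature')
    if actual is None:
        # Missing required signature is an error.
        logger.warning('No /hook signature provided')
        return _unauthorized('Missing signature')

    # NOTE(review): GitHub also sends an HMAC-SHA256 signature in the
    # X-Hub-Signature-256 header; prefer verifying that one where available.
    digest = hmac.new(_as_bytes(secret_key), request.data, hashlib.sha1)
    expected = 'sha1={}'.format(digest.hexdigest())

    # Constant-time comparison: a plain != returns at the first differing
    # character, which leaks how much of a guessed signature was correct.
    if not hmac.compare_digest(_as_bytes(actual), _as_bytes(expected)):
        # Log only what the sender supplied. The expected value is a valid
        # signature for this exact body and must not be written to the log.
        logger.warning('Mismatched /hook signature: %r', actual)
        return _unauthorized('Invalid signature')

    logger.debug('Matching /hook signature: {actual}'.format(actual=actual))
    return route_function(*args, **kwargs)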
def webhook():
    """Post a preview status for the commit described by a webhook delivery.

    The request body is decoded as UTF-8 JSON. Payloads that
    skip_webhook_payload() flags are answered with 'Nevermind'; for the rest
    a 'success' status (context 'mapzen/precog') linking to
    /<owner>/<repo>/<commit_sha>/ on this server is handed to
    post_github_status(), and 'Yo.' is returned.
    """
    # NOTE(review): nothing in this function authenticates the request;
    # confirm the route is wrapped by the /hook signature check before the
    # payload is trusted.
    body = json.loads(request.data.decode('utf8'))
    if skip_webhook_payload(body):
        return 'Nevermind'

    # NOTE(review): status_url comes out of the webhook payload through
    # get_webhook_commit_info() (not shown here) and the repository's OAuth
    # token is sent to it below -- confirm that helper pins the URL to the
    # expected GitHub API host.
    owner, repo, commit_sha, status_url = get_webhook_commit_info(
        current_app, body)

    preview_path = u'/{owner}/{repo}/{commit_sha}/'.format(
        owner=owner, repo=repo, commit_sha=commit_sha)
    status = {
        'context': 'mapzen/precog',
        'state': 'success',
        'target_url': urljoin(request.url, preview_path),
        'description': u'Preview your changes',
    }

    # The token is None when the repository has no HOOK_SECRETS_TOKENS entry.
    repo_settings = current_app.config['HOOK_SECRETS_TOKENS'].get(
        '{}/{}'.format(owner, repo), {})
    credentials = (repo_settings.get('token'), 'x-oauth-basic')

    post_github_status(status_url, status, credentials)
    return 'Yo.'
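def decorated_function(*args, **kwargs):
    """Check the delivery's X-Hub-Signature, then call the wrapped route.

    The repository named in the JSON body selects a per-repository secret
    from HOOK_SECRETS_TOKENS. The request is answered with a JSON 401 when
    the body cannot be resolved to a repository, when no secret is
    configured for it, when the signature header is absent, or when the
    header does not equal 'sha1=' + HMAC-SHA1(secret, raw body).

    Returns:
        The result of route_function(*args, **kwargs) on a valid signature,
        otherwise a 401 Response with an {'error': ...} JSON body.
    """
    logger = getLogger('precog')

    def _unauthorized(reason):
        # Every rejection shares the same JSON 401 shape.
        return Response(json.dumps({'error': reason}), 401,
                        content_type='application/json')

    def _as_bytes(value):
        # hmac.new() and hmac.compare_digest() want byte strings of one type;
        # text values are encoded as UTF-8.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    # The body has to be parsed before it is authenticated because the
    # secret is chosen per repository; nothing from it is acted on until the
    # signature has been checked.
    try:
        webhook_payload = json.loads(request.data.decode('utf8'))
        owner, repo, _, _ = get_webhook_commit_info(
            current_app, webhook_payload)
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not turned into a 401.
        return _unauthorized('Unknown repository')

    owner_repo = '{}/{}'.format(owner, repo)
    secret_key = current_app.config['HOOK_SECRETS_TOKENS'].get(
        owner_repo, {}).get('secret')

    # Fail closed: a repository with no secret (or an empty one, which would
    # make the HMAC computable by anyone) is rejected, never waved through.
    if not secret_key:
        return _unauthorized('Missing key')

    actual = request.headers.get('X-Hub-Signature')
    if actual is None:
        # Missing required signature is an error.
        logger.warning('No /hook signature provided')
        return _unauthorized('Missing signature')

    # NOTE(review): GitHub also sends an HMAC-SHA256 signature in the
    # X-Hub-Signature-256 header; prefer verifying that one where available.
    digest = hmac.new(_as_bytes(secret_key), request.data, hashlib.sha1)
    expected = 'sha1={}'.format(digest.hexdigest())

    # Constant-time comparison: a plain != returns at the first differing
    # character, which leaks how much of a guessed signature was correct.
    if not hmac.compare_digest(_as_bytes(actual), _as_bytes(expected)):
        # Log only what the sender supplied. The expected value is a valid
        # signature for this exact body and must not be written to the log.
        logger.warning('Mismatched /hook signature: %r', actual)
        return _unauthorized('Invalid signature')

    logger.debug('Matching /hook signature: {actual}'.format(actual=actual))
    return route_function(*args, **kwargs)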