Esempio n. 1
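def push_webhook_pusher_check():
    """Check a GitHub push webhook against the allowed-pusher table.

    The request signature is verified first, then the JSON body is parsed.
    A payload that carries both ``hook`` and ``hook_id`` is answered with
    200 without further checks. For a push, the pusher name, repository
    full name and branch are looked up in ``pusher_matches.json``; a push
    by a name that is not listed for a configured repo/branch is reported
    through ``sns_publish`` and answered with 403.

    Repositories or branches that are absent from ``pusher_matches.json``
    are allowed (200): the table is a deny-by-exception list, not an
    allow-list of repositories.

    Returns:
        A ``(body, status)`` tuple (presumably consumed by the web
        framework as the HTTP response -- confirm against the route
        registration):
        ``200`` accepted, ``400`` unparsable or incomplete payload,
        ``401`` signature rejected, ``403`` pusher not allowed,
        ``500`` webhook secret not configured.
    """
    # Fail closed when the shared secret is missing or empty. What
    # Github.verify_webhook_signature does with secret=None is not visible
    # here, and an empty HMAC key would authenticate nothing.
    webhook_secret = os.environ.get('GITHUB_WEBHOOK_SECRET')
    if not webhook_secret:
        logger.error('GITHUB_WEBHOOK_SECRET is not set, rejecting webhook')
        return 'Internal Server Error', 500
    try:
        Github.verify_webhook_signature(secret=webhook_secret)
    except ValueError:
        return 'Unauthorized, invalid hash', 401

    # Parse event data (UnicodeDecodeError is a ValueError subclass, so a
    # body that is not valid UTF-8 is answered with 400 as well).
    try:
        push_event_data = json.loads(request.data.decode('utf-8'))
    except ValueError:
        return 'Failed to parse push event', 400
    # Valid JSON that is not an object (list, number, string) cannot be a
    # push event; reject it here instead of failing later on .get().
    if not isinstance(push_event_data, dict):
        return 'Failed to parse push event', 400

    # Github's hook check
    if 'hook' in push_event_data and 'hook_id' in push_event_data:
        return 'OK', 200

    # Valid pushers info. A missing or malformed file raises, so the
    # request is not accepted when the policy cannot be loaded.
    with open(os.path.join(source_root, 'pusher_matches.json'), 'r') as f:
        pusher_matches = json.load(f)

    # get SNS topic
    sns_topic = os.environ.get('SNS_SCM_ADMIN_TOPIC', None)

    # Pusher info; every field is type-checked because the payload shape
    # is not guaranteed by the JSON parse.
    pusher_info = push_event_data.get('pusher')
    pusher = pusher_info.get('name') if isinstance(pusher_info, dict) else None
    if not isinstance(pusher, str):
        pusher = None

    repository = push_event_data.get('repository')
    repository_name = repository.get('full_name') if isinstance(repository, dict) else None
    if not isinstance(repository_name, str):
        repository_name = None

    ref = push_event_data.get('ref')
    if not isinstance(ref, str):
        ref = ''
    # Branch names may contain '/', so taking only the last path segment
    # would make a rule keyed on "release/1.0" unreachable and would treat
    # "feature/master" as "master". Use the full name after refs/heads/
    # and keep the last segment only as a legacy lookup key.
    heads_prefix = 'refs/heads/'
    short_branch = ref.split('/')[-1]
    branch = ref[len(heads_prefix):] if ref.startswith(heads_prefix) else short_branch

    if not pusher or not repository_name or not branch:
        logger.error('Cannot parse push event data')
        # NOTE(review): the raw body is written to the log and to SNS
        # unmodified; confirm both sinks are acceptable for repository
        # content and that the log pipeline tolerates embedded newlines.
        logger.error(request.data)
        sns_publish(sns_topic=sns_topic,
                    event='SCM',
                    subject='Failed to parse push event data',
                    message='received data is:\n\n{}'.format(request.data.decode('utf-8')))
        return 'Bad Request, unknown push event payload', 400

    # Match
    repo_rules = pusher_matches.get(repository_name, None)
    if repo_rules:
        if branch in repo_rules:
            rule_key = branch
        elif short_branch in repo_rules:
            # Legacy tables keyed by the last ref segment keep working.
            rule_key = short_branch
        else:
            rule_key = None

        if rule_key is not None:
            if pusher in repo_rules[rule_key]:
                return 'OK', 200
            sns_publish(sns_topic=sns_topic,
                        event='SCM',
                        subject='Invalid push event @ {branch} of {repo}'.format(repo=repository_name,
                                                                                 branch=branch),
                        message='Pusher "{pusher}" pushed to `{branch}` branch at `{repo}` repo'.format(
                            pusher=pusher,
                            branch=branch,
                            repo=repository_name,
                        ))
            return 'Forbidden', 403

    # Don't have to match: no rule covers this repo/branch, so it is allowed.
    return 'OK', 200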