Add per-hook HTTP method restrictions

Cameron Moore 2019-12-26 11:11:53 -06:00
parent 66562fdb41
commit 3414f34025
6 changed files with 217 additions and 184 deletions


@ -10,6 +10,7 @@ Hooks are defined as JSON objects. Please note that in order to be considered va
* `response-headers` - specifies the list of headers in format `{"name": "X-Example-Header", "value": "it works"}` that will be returned in HTTP response for the hook * `response-headers` - specifies the list of headers in format `{"name": "X-Example-Header", "value": "it works"}` that will be returned in HTTP response for the hook
* `success-http-response-code` - specifies the HTTP status code to be returned upon success * `success-http-response-code` - specifies the HTTP status code to be returned upon success
* `incoming-payload-content-type` - sets the `Content-Type` of the incoming HTTP request (ie. `application/json`); useful when the request lacks a `Content-Type` or sends an erroneous value * `incoming-payload-content-type` - sets the `Content-Type` of the incoming HTTP request (ie. `application/json`); useful when the request lacks a `Content-Type` or sends an erroneous value
* `http-methods` - a list of allowed HTTP methods, such as `POST` and `GET`
* `include-command-output-in-response` - boolean whether webhook should wait for the command to finish and return the raw output as a response to the hook initiator. If the command fails to execute or encounters any errors while executing the response will result in 500 Internal Server Error HTTP status code, otherwise the 200 OK status code will be returned. * `include-command-output-in-response` - boolean whether webhook should wait for the command to finish and return the raw output as a response to the hook initiator. If the command fails to execute or encounters any errors while executing the response will result in 500 Internal Server Error HTTP status code, otherwise the 200 OK status code will be returned.
* `include-command-output-in-response-on-error` - boolean whether webhook should include command stdout & stderror as a response in failed executions. It only works if `include-command-output-in-response` is set to `true`. * `include-command-output-in-response-on-error` - boolean whether webhook should include command stdout & stderror as a response in failed executions. It only works if `include-command-output-in-response` is set to `true`.
* `parse-parameters-as-json` - specifies the list of arguments that contain JSON strings. These parameters will be decoded by webhook and you can access them like regular objects in rules and `pass-arguments-to-command`. * `parse-parameters-as-json` - specifies the list of arguments that contain JSON strings. These parameters will be decoded by webhook and you can access them like regular objects in rules and `pass-arguments-to-command`.


@ -460,6 +460,7 @@ type Hook struct {
TriggerRuleMismatchHttpResponseCode int `json:"trigger-rule-mismatch-http-response-code,omitempty"` TriggerRuleMismatchHttpResponseCode int `json:"trigger-rule-mismatch-http-response-code,omitempty"`
IncomingPayloadContentType string `json:"incoming-payload-content-type,omitempty"` IncomingPayloadContentType string `json:"incoming-payload-content-type,omitempty"`
SuccessHttpResponseCode int `json:"success-http-response-code,omitempty"` SuccessHttpResponseCode int `json:"success-http-response-code,omitempty"`
HTTPMethods []string `json:"http-methods"`
} }
// ParseJSONParameters decodes specified arguments to JSON objects and replaces the // ParseJSONParameters decodes specified arguments to JSON objects and replaces the
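Review bot: The new field at the `HTTPMethods []string `json:"http-methods"`` line is the only one in this struct without `,omitempty`, so a hook with no restriction is re-marshaled as `"http-methods": null` and the tag differs in style from its siblings; use `json:"http-methods,omitempty"`. A doc comment such as `// HTTPMethods lists the request methods this hook accepts; an empty list allows every method.` would also record the permissive default that the handler change in this commit relies on, which is otherwise only discoverable by reading the handler. The Hook struct begins before this hunk.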


@ -3,6 +3,7 @@
"id": "github", "id": "github",
"execute-command": "{{ .Hookecho }}", "execute-command": "{{ .Hookecho }}",
"command-working-directory": "/", "command-working-directory": "/",
"http-methods": ["POST"],
"include-command-output-in-response": true, "include-command-output-in-response": true,
"trigger-rule-mismatch-http-response-code": 400, "trigger-rule-mismatch-http-response-code": 400,
"pass-environment-to-command": "pass-environment-to-command":


@ -1,4 +1,6 @@
- id: github - id: github
http-methods:
- POST
trigger-rule: trigger-rule:
and: and:
- match: - match:


@ -253,15 +253,37 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("[%s] incoming HTTP request from %s\n", rid, r.RemoteAddr) log.Printf("[%s] incoming HTTP request from %s\n", rid, r.RemoteAddr)
id := mux.Vars(r)["id"]
matchedHook := matchLoadedHook(id)
if matchedHook == nil {
w.WriteHeader(http.StatusNotFound)
fmt.Fprint(w, "Hook not found.")
return
}
// Check for allowed methods
if len(matchedHook.HTTPMethods) != 0 {
var allowed bool
for i := range matchedHook.HTTPMethods {
if matchedHook.HTTPMethods[i] == r.Method {
allowed = true
break
}
}
if !allowed {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
}
log.Printf("[%s] %s got matched\n", rid, id)
for _, responseHeader := range responseHeaders { for _, responseHeader := range responseHeaders {
w.Header().Set(responseHeader.Name, responseHeader.Value) w.Header().Set(responseHeader.Name, responseHeader.Value)
} }
id := mux.Vars(r)["id"]
if matchedHook := matchLoadedHook(id); matchedHook != nil {
log.Printf("[%s] %s got matched\n", rid, id)
var ( var (
body []byte body []byte
err error err error
@ -461,10 +483,6 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("[%s] %s got matched, but didn't get triggered because the trigger rules were not satisfied\n", rid, matchedHook.ID) log.Printf("[%s] %s got matched, but didn't get triggered because the trigger rules were not satisfied\n", rid, matchedHook.ID)
fmt.Fprint(w, "Hook rules were not satisfied.") fmt.Fprint(w, "Hook rules were not satisfied.")
} else {
w.WriteHeader(http.StatusNotFound)
fmt.Fprint(w, "Hook not found.")
}
} }
func handleHook(h *hook.Hook, rid string, headers, query, payload *map[string]interface{}, body *[]byte) (string, error) { func handleHook(h *hook.Hook, rid string, headers, query, payload *map[string]interface{}, body *[]byte) (string, error) {
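Review bot: The 405 written at the `w.WriteHeader(http.StatusMethodNotAllowed)` line carries no `Allow` header, which RFC 7231 §6.5.5 requires on a 405 response; set it first with `w.Header().Set("Allow", strings.Join(matchedHook.HTTPMethods, ", "))` (this assumes `strings` is already imported in this file, which the hunk does not show). Moving the hook lookup above the `responseHeaders` loop also means the configured response headers are no longer applied to the 404 and 405 replies, whereas the removed lines show the loop previously ran before the lookup; if those headers are meant for every response, keep the loop ahead of the two early returns. Matching is an exact, case-sensitive string compare against `r.Method`, so a hook configured with `post` silently rejects every request; either upper-case the list when the hook is loaded or document that methods must be given in upper case. hookHandler begins and ends outside this hunk.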


@ -95,7 +95,7 @@ func TestWebhook(t *testing.T) {
url := fmt.Sprintf("http://%s:%s/hooks/%s", ip, port, tt.id) url := fmt.Sprintf("http://%s:%s/hooks/%s", ip, port, tt.id)
req, err := http.NewRequest("POST", url, ioutil.NopCloser(strings.NewReader(tt.body))) req, err := http.NewRequest(tt.method, url, ioutil.NopCloser(strings.NewReader(tt.body)))
if err != nil { if err != nil {
t.Errorf("New request failed: %s", err) t.Errorf("New request failed: %s", err)
} }
@ -289,6 +289,7 @@ func webhookEnv() (env []string) {
var hookHandlerTests = []struct { var hookHandlerTests = []struct {
desc string desc string
id string id string
method string
headers map[string]string headers map[string]string
contentType string contentType string
body string body string
@ -300,6 +301,7 @@ var hookHandlerTests = []struct {
{ {
"github", "github",
"github", "github",
"POST",
map[string]string{"X-Hub-Signature": "f68df0375d7b03e3eb29b4cf9f9ec12e08f42ff8"}, map[string]string{"X-Hub-Signature": "f68df0375d7b03e3eb29b4cf9f9ec12e08f42ff8"},
"application/json", "application/json",
`{ `{
@ -455,6 +457,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
{ {
"bitbucket", // bitbucket sends their payload using uriencoded params. "bitbucket", // bitbucket sends their payload using uriencoded params.
"bitbucket", "bitbucket",
"POST",
nil, nil,
"application/x-www-form-urlencoded", "application/x-www-form-urlencoded",
`payload={"canon_url": "https://bitbucket.org","commits": [{"author": "marcus","branch": "master","files": [{"file": "somefile.py","type": "modified"}],"message": "Added some more things to somefile.py\n","node": "620ade18607a","parents": ["702c70160afc"],"raw_author": "Marcus Bertrand <marcus@somedomain.com>","raw_node": "620ade18607ac42d872b568bb92acaa9a28620e9","revision": null,"size": -1,"timestamp": "2012-05-30 05:58:56","utctimestamp": "2014-11-07 15:19:02+00:00"}],"repository": {"absolute_url": "/webhook/testing/","fork": false,"is_private": true,"name": "Project X","owner": "marcus","scm": "git","slug": "project-x","website": "https://atlassian.com/"},"user": "marcus"}`, `payload={"canon_url": "https://bitbucket.org","commits": [{"author": "marcus","branch": "master","files": [{"file": "somefile.py","type": "modified"}],"message": "Added some more things to somefile.py\n","node": "620ade18607a","parents": ["702c70160afc"],"raw_author": "Marcus Bertrand <marcus@somedomain.com>","raw_node": "620ade18607ac42d872b568bb92acaa9a28620e9","revision": null,"size": -1,"timestamp": "2012-05-30 05:58:56","utctimestamp": "2014-11-07 15:19:02+00:00"}],"repository": {"absolute_url": "/webhook/testing/","fork": false,"is_private": true,"name": "Project X","owner": "marcus","scm": "git","slug": "project-x","website": "https://atlassian.com/"},"user": "marcus"}`,
@ -465,6 +468,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
{ {
"gitlab", "gitlab",
"gitlab", "gitlab",
"POST",
map[string]string{"X-Gitlab-Event": "Push Hook"}, map[string]string{"X-Gitlab-Event": "Push Hook"},
"application/json", "application/json",
`{ `{
@ -517,6 +521,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
{ {
"xml", "xml",
"xml", "xml",
"POST",
map[string]string{"Content-Type": "application/xml"}, map[string]string{"Content-Type": "application/xml"},
"application/xml", "application/xml",
`<app> `<app>
@ -535,6 +540,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
{ {
"multipart", "multipart",
"plex", "plex",
"POST",
nil, nil,
"multipart/form-data; boundary=xxx", "multipart/form-data; boundary=xxx",
`--xxx `--xxx
@ -566,6 +572,7 @@ binary data
{ {
"missing-cmd-arg", // missing head_commit.author.email "missing-cmd-arg", // missing head_commit.author.email
"github", "github",
"POST",
map[string]string{"X-Hub-Signature": "ab03955b9377f530aa298b1b6d273ae9a47e1e40"}, map[string]string{"X-Hub-Signature": "ab03955b9377f530aa298b1b6d273ae9a47e1e40"},
"application/json", "application/json",
`{ `{
@ -607,6 +614,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
{ {
"missing-env-arg", // missing head_commit.timestamp "missing-env-arg", // missing head_commit.timestamp
"github", "github",
"POST",
map[string]string{"X-Hub-Signature": "2cf8b878cb6b74a25090a140fa4a474be04b97fa"}, map[string]string{"X-Hub-Signature": "2cf8b878cb6b74a25090a140fa4a474be04b97fa"},
"application/json", "application/json",
`{ `{
@ -643,25 +651,27 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
``, ``,
}, },
// test with disallowed HTTP method
{"disallowed method", "github", "GET", nil, `{}`, "application/json", http.StatusMethodNotAllowed, ``, ``},
// test with custom return code // test with custom return code
{"empty payload", "github", nil, "application/json", `{}`, http.StatusBadRequest, `Hook rules were not satisfied.`, ``}, {"empty payload", "github", "POST", nil, "application/json", `{}`, http.StatusBadRequest, `Hook rules were not satisfied.`, ``},
// test with custom invalid http code, should default to 200 OK // test with custom invalid http code, should default to 200 OK
{"empty payload", "bitbucket", nil, "application/json", `{}`, http.StatusOK, `Hook rules were not satisfied.`, ``}, {"empty payload", "bitbucket", "POST", nil, "application/json", `{}`, http.StatusOK, `Hook rules were not satisfied.`, ``},
// test with no configured http return code, should default to 200 OK // test with no configured http return code, should default to 200 OK
{"empty payload", "gitlab", nil, "application/json", `{}`, http.StatusOK, `Hook rules were not satisfied.`, ``}, {"empty payload", "gitlab", "POST", nil, "application/json", `{}`, http.StatusOK, `Hook rules were not satisfied.`, ``},
// test capturing command output // test capturing command output
{"don't capture output on success by default", "capture-command-output-on-success-not-by-default", nil, "application/json", `{}`, http.StatusOK, ``, ``}, {"don't capture output on success by default", "capture-command-output-on-success-not-by-default", "POST", nil, "application/json", `{}`, http.StatusOK, ``, ``},
{"capture output on success with flag set", "capture-command-output-on-success-yes-with-flag", nil, "application/json", `{}`, http.StatusOK, `arg: exit=0 {"capture output on success with flag set", "capture-command-output-on-success-yes-with-flag", "POST", nil, "application/json", `{}`, http.StatusOK, `arg: exit=0
`, ``}, `, ``},
{"don't capture output on error by default", "capture-command-output-on-error-not-by-default", nil, "application/json", `{}`, http.StatusInternalServerError, `Error occurred while executing the hook's command. Please check your logs for more details.`, ``}, {"don't capture output on error by default", "capture-command-output-on-error-not-by-default", "POST", nil, "application/json", `{}`, http.StatusInternalServerError, `Error occurred while executing the hook's command. Please check your logs for more details.`, ``},
{"capture output on error with extra flag set", "capture-command-output-on-error-yes-with-extra-flag", nil, "application/json", `{}`, http.StatusInternalServerError, `arg: exit=1 {"capture output on error with extra flag set", "capture-command-output-on-error-yes-with-extra-flag", "POST", nil, "application/json", `{}`, http.StatusInternalServerError, `arg: exit=1
`, ``}, `, ``},
// Check logs // Check logs
{"static params should pass", "static-params-ok", nil, "application/json", `{}`, http.StatusOK, "arg: passed\n", `(?s)command output: arg: passed`}, {"static params should pass", "static-params-ok", "POST", nil, "application/json", `{}`, http.StatusOK, "arg: passed\n", `(?s)command output: arg: passed`},
{"command with space logs warning", "warn-on-space", nil, "application/json", `{}`, http.StatusInternalServerError, "Error occurred while executing the hook's command. Please check your logs for more details.", `(?s)unable to locate command.*use 'pass[-]arguments[-]to[-]command' to specify args`}, {"command with space logs warning", "warn-on-space", "POST", nil, "application/json", `{}`, http.StatusInternalServerError, "Error occurred while executing the hook's command. Please check your logs for more details.", `(?s)unable to locate command.*use 'pass[-]arguments[-]to[-]command' to specify args`},
{"unsupported content type error", "github", map[string]string{"Content-Type": "nonexistent/format"}, "application/json", `{}`, http.StatusBadRequest, `Hook rules were not satisfied.`, `(?s)error parsing body payload due to unsupported content type header:`}, {"unsupported content type error", "github", "POST", map[string]string{"Content-Type": "nonexistent/format"}, "application/json", `{}`, http.StatusBadRequest, `Hook rules were not satisfied.`, `(?s)error parsing body payload due to unsupported content type header:`},
} }
// buffer provides a concurrency-safe bytes.Buffer to tests above. // buffer provides a concurrency-safe bytes.Buffer to tests above.
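Review bot: The new case at the `{"disallowed method", "github", "GET", nil, `{}`, "application/json", ...}` line has its `contentType` and `body` values swapped relative to the struct field order (`{}` is passed as the content type and `"application/json"` as the body); the sibling cases show it should read `nil, "application/json", `{}``. It only passes because the method check rejects the request before the body is parsed, so the mistake is invisible today but will mislead anyone copying the row. There is also no case asserting that a hook without `http-methods` still accepts a non-POST request, which is the backwards-compatible default the handler relies on; one row sending `GET` to a hook whose fixture has no method list (none of the fixtures shown here lack one, so it may need a new fixture) would pin that behavior.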