mirror of
				https://github.com/adnanh/webhook.git
				synced 2025-10-25 10:40:57 +00:00 
			
		
		
		
	Merge branch 'development' into development
This commit is contained in:
		
						commit
						e86c2cf610
					
				
					 6 changed files with 450 additions and 329 deletions
				
			
		
							
								
								
									
										13
									
								
								Makefile
									
										
									
									
									
								
							
							
						
						
									
										13
									
								
								Makefile
									
										
									
									
									
								
							|  | @ -1,7 +1,7 @@ | |||
| OS = darwin freebsd linux openbsd windows | ||||
| OS = darwin freebsd linux openbsd | ||||
| ARCHS = 386 arm amd64 arm64 | ||||
| 
 | ||||
| all: build release | ||||
| all: build release release-windows | ||||
| 
 | ||||
| build: deps | ||||
| 	go build | ||||
|  | @ -18,6 +18,15 @@ release: clean deps | |||
| 		done \
 | ||||
| 	done | ||||
| 
 | ||||
| release-windows: clean deps | ||||
| 	@for arch in $(ARCHS);\
 | ||||
| 	do \
 | ||||
| 		echo "Building windows-$$arch"; \
 | ||||
| 		mkdir -p build/webhook-windows-$$arch/; \
 | ||||
| 		GOOS=windows GOARCH=$$arch go build -o build/webhook-windows-$$arch/webhook.exe; \
 | ||||
| 		tar cz -C build -f build/webhook-windows-$$arch.tar.gz webhook-windows-$$arch; \
 | ||||
| 	done | ||||
| 
 | ||||
| test: deps | ||||
| 	go test ./... | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										16
									
								
								README.md
									
										
									
									
									
								
							
							
						
						
									
										16
									
								
								README.md
									
										
									
									
									
								
							|  | @ -92,6 +92,20 @@ Check out [Hook examples page](docs/Hook-Examples.md) for more complex examples | |||
| ### Guides featuring webhook | ||||
|  - [Webhook & JIRA](https://sites.google.com/site/mrxpalmeiras/notes/jira-webhooks) by [@perfecto25](https://github.com/perfecto25) | ||||
|  - [Trigger Ansible AWX job runs on SCM (e.g. git) commit](http://jpmens.net/2017/10/23/trigger-awx-job-runs-on-scm-commit/) by [@jpmens](http://mens.de/) | ||||
|  - [Deploy using GitHub webhooks](https://davidauthier.wearemd.com/blog/deploy-using-github-webhooks.html) by [@awea](https://davidauthier.wearemd.com) | ||||
|  - [Setting up Automatic Deployment and Builds Using Webhooks](https://willbrowning.me/setting-up-automatic-deployment-and-builds-using-webhooks/) by [Will Browning](https://willbrowning.me/about/) | ||||
|  - [Auto deploy your Node.js app on push to GitHub in 3 simple steps](https://webhookrelay.com/blog/2018/07/17/auto-deploy-on-git-push/) by Karolis Rusenas | ||||
|  - [Automate Static Site Deployments with Salt, Git, and Webhooks](https://www.linode.com/docs/applications/configuration-management/automate-a-static-site-deployment-with-salt/) by [Linode](https://www.linode.com) | ||||
|  - [Using Prometheus to Automatically Scale WebLogic Clusters on Kubernetes](https://blogs.oracle.com/weblogicserver/using-prometheus-to-automatically-scale-weblogic-clusters-on-kubernetes-v5) by [Marina Kogan](https://blogs.oracle.com/author/9a4fe754-1cc2-4c64-95fc-360642b62927) | ||||
|  - [Github Pages and Jekyll - A New Platform for LACNIC Labs](https://labs.lacnic.net/a-new-platform-for-lacniclabs/) by [Carlos Martínez Cagnazzo](https://twitter.com/carlosm3011) | ||||
|  - [How to Deploy React Apps Using Webhooks and Integrating Slack on Ubuntu](https://www.alibabacloud.com/blog/how-to-deploy-react-apps-using-webhooks-and-integrating-slack-on-ubuntu_594116) by Arslan Ud Din Shafiq | ||||
|  - [Private webhooks](https://ihateithe.re/2018/01/private-webhooks/) by [Thomas](https://ihateithe.re/colophon/) | ||||
|  - [Adventures in webhooks](https://medium.com/@draketech/adventures-in-webhooks-2d6584501c62) by [Drake](https://medium.com/@draketech) | ||||
|  - [GitHub pro tips](http://notes.spencerlyon.com/2016/01/04/github-pro-tips/) by [Spencer Lyon](http://notes.spencerlyon.com/) | ||||
|  - [XiaoMi Vacuum + Amazon Button = Dash Cleaning](https://www.instructables.com/id/XiaoMi-Vacuum-Amazon-Button-Dash-Cleaning/) by [c0mmensal](https://www.instructables.com/member/c0mmensal/) | ||||
|  - VIDEO: [Gitlab CI/CD configuration using Docker and adnanh/webhook to deploy on VPS - Tutorial #1](https://www.youtube.com/watch?v=Qhn-lXjyrZA&feature=youtu.be) by [Yes! Let's Learn Software Engineering](https://www.youtube.com/channel/UCH4XJf2BZ_52fbf8fOBMF3w) | ||||
|  - ... | ||||
|  - Want to add your own? Open an Issue or create a PR :-) | ||||
|   | ||||
| ## Community Contributions | ||||
| See the [webhook-contrib][wc] repository for a collections of tools and helpers related to [webhook][w] that have been contributed by the [webhook][w] community. | ||||
|  | @ -102,7 +116,7 @@ Check out [existing issues](https://github.com/adnanh/webhook/issues) to see if | |||
| # Support active development | ||||
| 
 | ||||
| ## Sponsors | ||||
| ## <a href="https://www.digitalocean.com/?ref=webhook"><img src="https://www.digitalocean.com/assets/media/logos-badges/png/DO_Logo_Horizontal_Blue-3db19536.png" alt="DigitalOcean" width="250"/></a> | ||||
| ## <a href="https://www.digitalocean.com/?ref=webhook"><img src="http://www.hajdarevic.net/DO_Logo_Horizontal_Blue.png" alt="DigitalOcean" width="250"/></a> | ||||
| [DigitalOcean](https://www.digitalocean.com/?ref=webhook) is a simple and robust cloud computing platform, designed for developers. | ||||
| 
 | ||||
| 
 | ||||
|  |  | |||
|  | @ -176,6 +176,61 @@ Values in the request body can be accessed in the command or to the match rule b | |||
|   } | ||||
| ] | ||||
| ``` | ||||
| ## Incoming Gitea webhook | ||||
| ```json | ||||
| [ | ||||
|   { | ||||
|     "id": "webhook", | ||||
|     "execute-command": "/home/adnan/redeploy-go-webhook.sh", | ||||
|     "command-working-directory": "/home/adnan/go", | ||||
|     "pass-arguments-to-command": | ||||
|     [ | ||||
|       { | ||||
|         "source": "payload", | ||||
|         "name": "head_commit.id" | ||||
|       }, | ||||
|       { | ||||
|         "source": "payload", | ||||
|         "name": "pusher.name" | ||||
|       }, | ||||
|       { | ||||
|         "source": "payload", | ||||
|         "name": "pusher.email" | ||||
|       } | ||||
|     ], | ||||
|     "trigger-rule": | ||||
|     { | ||||
|       "and": | ||||
|       [ | ||||
|         { | ||||
|           "match": | ||||
|           { | ||||
|             "type": "value", | ||||
|             "value": "mysecret", | ||||
|             "parameter": | ||||
|             { | ||||
|               "source": "payload", | ||||
|               "name": "secret" | ||||
|             } | ||||
|           } | ||||
|         }, | ||||
|         { | ||||
|           "match": | ||||
|           { | ||||
|             "type": "value", | ||||
|             "value": "refs/heads/master", | ||||
|             "parameter": | ||||
|             { | ||||
|               "source": "payload", | ||||
|               "name": "ref" | ||||
|             } | ||||
|           } | ||||
|         } | ||||
|       ] | ||||
|     } | ||||
|   } | ||||
| ] | ||||
| ``` | ||||
| 
 | ||||
| ## Slack slash command | ||||
| ```json | ||||
|  |  | |||
							
								
								
									
										55
									
								
								hook/hook.go
									
										
									
									
									
								
							
							
						
						
									
										55
									
								
								hook/hook.go
									
										
									
									
									
								
							|  | @ -94,6 +94,10 @@ func (e *ParseError) Error() string { | |||
| 
 | ||||
| // CheckPayloadSignature calculates and verifies SHA1 signature of the given payload | ||||
| func CheckPayloadSignature(payload []byte, secret string, signature string) (string, error) { | ||||
| 	if secret == "" { | ||||
| 		return "", errors.New("signature validation secret can not be empty") | ||||
| 	} | ||||
| 
 | ||||
| 	signature = strings.TrimPrefix(signature, "sha1=") | ||||
| 
 | ||||
| 	mac := hmac.New(sha1.New, []byte(secret)) | ||||
|  | @ -111,6 +115,10 @@ func CheckPayloadSignature(payload []byte, secret string, signature string) (str | |||
| 
 | ||||
| // CheckPayloadSignature256 calculates and verifies SHA256 signature of the given payload | ||||
| func CheckPayloadSignature256(payload []byte, secret string, signature string) (string, error) { | ||||
| 	if secret == "" { | ||||
| 		return "", errors.New("signature validation secret can not be empty") | ||||
| 	} | ||||
| 
 | ||||
| 	signature = strings.TrimPrefix(signature, "sha256=") | ||||
| 
 | ||||
| 	mac := hmac.New(sha256.New, []byte(secret)) | ||||
|  | @ -134,6 +142,10 @@ func CheckScalrSignature(headers map[string]interface{}, body []byte, signingKey | |||
| 	if _, ok := headers["Date"]; !ok { | ||||
| 		return false, nil | ||||
| 	} | ||||
| 	if signingKey == "" { | ||||
| 		return false, errors.New("signature validation signing key can not be empty") | ||||
| 	} | ||||
| 
 | ||||
| 	providedSignature := headers["X-Signature"].(string) | ||||
| 	dateHeader := headers["Date"].(string) | ||||
| 	mac := hmac.New(sha1.New, []byte(signingKey)) | ||||
|  | @ -168,41 +180,36 @@ func CheckScalrSignature(headers map[string]interface{}, body []byte, signingKey | |||
| func CheckIPWhitelist(remoteAddr string, ipRange string) (bool, error) { | ||||
| 	// Extract IP address from remote address. | ||||
| 
 | ||||
| 	ip := remoteAddr | ||||
| 	// IPv6 addresses will likely be surrounded by []. | ||||
| 	ip := strings.Trim(remoteAddr, " []") | ||||
| 
 | ||||
| 	if strings.LastIndex(remoteAddr, ":") != -1 { | ||||
| 		ip = remoteAddr[0:strings.LastIndex(remoteAddr, ":")] | ||||
| 	if i := strings.LastIndex(ip, ":"); i != -1 { | ||||
| 		ip = ip[:i] | ||||
| 	} | ||||
| 
 | ||||
| 	ip = strings.TrimSpace(ip) | ||||
| 
 | ||||
| 	// IPv6 addresses will likely be surrounded by [], so don't forget to remove those. | ||||
| 
 | ||||
| 	if strings.HasPrefix(ip, "[") && strings.HasSuffix(ip, "]") { | ||||
| 		ip = ip[1 : len(ip)-1] | ||||
| 	} | ||||
| 
 | ||||
| 	parsedIP := net.ParseIP(strings.TrimSpace(ip)) | ||||
| 
 | ||||
| 	parsedIP := net.ParseIP(ip) | ||||
| 	if parsedIP == nil { | ||||
| 		return false, fmt.Errorf("invalid IP address found in remote address '%s'", remoteAddr) | ||||
| 	} | ||||
| 
 | ||||
| 	// Extract IP range in CIDR form.  If a single IP address is provided, turn it into CIDR form. | ||||
| 	for _, r := range strings.Fields(ipRange) { | ||||
| 		// Extract IP range in CIDR form.  If a single IP address is provided, turn it into CIDR form. | ||||
| 
 | ||||
| 	ipRange = strings.TrimSpace(ipRange) | ||||
| 		if !strings.Contains(r, "/") { | ||||
| 			r = r + "/32" | ||||
| 		} | ||||
| 
 | ||||
| 	if !strings.Contains(ipRange, "/") { | ||||
| 		ipRange = ipRange + "/32" | ||||
| 		_, cidr, err := net.ParseCIDR(r) | ||||
| 		if err != nil { | ||||
| 			return false, err | ||||
| 		} | ||||
| 
 | ||||
| 		if cidr.Contains(parsedIP) { | ||||
| 			return true, nil | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	_, cidr, err := net.ParseCIDR(ipRange) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 		return false, err | ||||
| 	} | ||||
| 
 | ||||
| 	return cidr.Contains(parsedIP), nil | ||||
| 	return false, nil | ||||
| } | ||||
| 
 | ||||
| // ReplaceParameter replaces parameter value with the passed value in the passed map | ||||
|  |  | |||
|  | @ -19,6 +19,7 @@ var checkPayloadSignatureTests = []struct { | |||
| 	// failures | ||||
| 	{[]byte(`{"a": "z"}`), "secret", "XXXe04cbb22afa8ffbff8796fc1894ed27badd9e", "b17e04cbb22afa8ffbff8796fc1894ed27badd9e", false}, | ||||
| 	{[]byte(`{"a": "z"}`), "secreX", "b17e04cbb22afa8ffbff8796fc1894ed27badd9e", "900225703e9342328db7307692736e2f7cc7b36e", false}, | ||||
| 	{[]byte(`{"a": "z"}`), "", "b17e04cbb22afa8ffbff8796fc1894ed27badd9e", "", false}, | ||||
| } | ||||
| 
 | ||||
| func TestCheckPayloadSignature(t *testing.T) { | ||||
|  | @ -28,7 +29,7 @@ func TestCheckPayloadSignature(t *testing.T) { | |||
| 			t.Errorf("failed to check payload signature {%q, %q, %q}:\nexpected {mac:%#v, ok:%#v},\ngot {mac:%#v, ok:%#v}", tt.payload, tt.secret, tt.signature, tt.mac, tt.ok, mac, (err == nil)) | ||||
| 		} | ||||
| 
 | ||||
| 		if err != nil && strings.Contains(err.Error(), tt.mac) { | ||||
| 		if err != nil && tt.mac != "" && strings.Contains(err.Error(), tt.mac) { | ||||
| 			t.Errorf("error message should not disclose expected mac: %s", err) | ||||
| 		} | ||||
| 	} | ||||
|  | @ -45,6 +46,7 @@ var checkPayloadSignature256Tests = []struct { | |||
| 	{[]byte(`{"a": "z"}`), "secret", "sha256=f417af3a21bd70379b5796d5f013915e7029f62c580fb0f500f59a35a6f04c89", "f417af3a21bd70379b5796d5f013915e7029f62c580fb0f500f59a35a6f04c89", true}, | ||||
| 	// failures | ||||
| 	{[]byte(`{"a": "z"}`), "secret", "XXX7af3a21bd70379b5796d5f013915e7029f62c580fb0f500f59a35a6f04c89", "f417af3a21bd70379b5796d5f013915e7029f62c580fb0f500f59a35a6f04c89", false}, | ||||
| 	{[]byte(`{"a": "z"}`), "", "XXX7af3a21bd70379b5796d5f013915e7029f62c580fb0f500f59a35a6f04c89", "", false}, | ||||
| } | ||||
| 
 | ||||
| func TestCheckPayloadSignature256(t *testing.T) { | ||||
|  | @ -54,7 +56,7 @@ func TestCheckPayloadSignature256(t *testing.T) { | |||
| 			t.Errorf("failed to check payload signature {%q, %q, %q}:\nexpected {mac:%#v, ok:%#v},\ngot {mac:%#v, ok:%#v}", tt.payload, tt.secret, tt.signature, tt.mac, tt.ok, mac, (err == nil)) | ||||
| 		} | ||||
| 
 | ||||
| 		if err != nil && strings.Contains(err.Error(), tt.mac) { | ||||
| 		if err != nil && tt.mac != "" && strings.Contains(err.Error(), tt.mac) { | ||||
| 			t.Errorf("error message should not disclose expected mac: %s", err) | ||||
| 		} | ||||
| 	} | ||||
|  | @ -92,6 +94,12 @@ var checkScalrSignatureTests = []struct { | |||
| 		[]byte(`{"a": "b"}`), "bilFGi4ZVZUdG+C6r0NIM9tuRq6PaG33R3eBUVhLwMAErGBaazvXe4Gq2DcJs5q+", | ||||
| 		"48e395e38ac48988929167df531eb2da00063a7d", false, | ||||
| 	}, | ||||
| 	{ | ||||
| 		"Missing signing key", | ||||
| 		map[string]interface{}{"Date": "Thu 07 Sep 2017 06:30:04 UTC", "X-Signature": "48e395e38ac48988929167df531eb2da00063a7d"}, | ||||
| 		[]byte(`{"a": "b"}`), "", | ||||
| 		"48e395e38ac48988929167df531eb2da00063a7d", false, | ||||
| 	}, | ||||
| } | ||||
| 
 | ||||
| func TestCheckScalrSignature(t *testing.T) { | ||||
|  | @ -102,12 +110,36 @@ func TestCheckScalrSignature(t *testing.T) { | |||
| 				testCase.description, testCase.ok, valid) | ||||
| 		} | ||||
| 
 | ||||
| 		if err != nil && strings.Contains(err.Error(), testCase.expectedSignature) { | ||||
| 		if err != nil && testCase.secret != "" && strings.Contains(err.Error(), testCase.expectedSignature) { | ||||
| 			t.Errorf("error message should not disclose expected mac: %s on test case %s", err, testCase.description) | ||||
| 		} | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| var checkIPWhitelistTests = []struct { | ||||
| 	addr    string | ||||
| 	ipRange string | ||||
| 	expect  bool | ||||
| 	ok      bool | ||||
| }{ | ||||
| 	{"[ 10.0.0.1:1234 ] ", "  10.0.0.1 ", true, true}, | ||||
| 	{"[ 10.0.0.1:1234 ] ", "  10.0.0.0 ", false, true}, | ||||
| 	{"[ 10.0.0.1:1234 ] ", "  10.0.0.1 10.0.0.1 ", true, true}, | ||||
| 	{"[ 10.0.0.1:1234 ] ", "  10.0.0.0/31 ", true, true}, | ||||
| 	{" [2001:db8:1:2::1:1234] ", "  2001:db8:1::/48 ", true, true}, | ||||
| 	{" [2001:db8:1:2::1:1234] ", "  2001:db8:1::/48 2001:db8:1::/64", true, true}, | ||||
| 	{" [2001:db8:1:2::1:1234] ", "  2001:db8:1::/64 ", false, true}, | ||||
| } | ||||
| 
 | ||||
| func TestCheckIPWhitelist(t *testing.T) { | ||||
| 	for _, tt := range checkIPWhitelistTests { | ||||
| 		result, err := CheckIPWhitelist(tt.addr, tt.ipRange) | ||||
| 		if (err == nil) != tt.ok || result != tt.expect { | ||||
| 			t.Errorf("ip whitelist test failed {%q, %q}:\nwant {expect:%#v, ok:%#v},\ngot {result:%#v, ok:%#v}", tt.addr, tt.ipRange, tt.expect, tt.ok, result, err) | ||||
| 		} | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| var extractParameterTests = []struct { | ||||
| 	s      string | ||||
| 	params interface{} | ||||
|  | @ -129,7 +161,7 @@ var extractParameterTests = []struct { | |||
| 	{"a.501.b", map[string]interface{}{"a": []interface{}{map[string]interface{}{"b": "y"}, map[string]interface{}{"b": "z"}}}, "", false}, // non-existent slice index | ||||
| 	{"a.502.b", map[string]interface{}{"a": []interface{}{}}, "", false},                                                                   // non-existent slice index | ||||
| 	{"a.b.503", map[string]interface{}{"a": map[string]interface{}{"b": []interface{}{"x", "y", "z"}}}, "", false},                         // trailing, non-existent slice index | ||||
| 	{"a.b", interface{}("a"), "", false},                                                                                                   // non-map, non-slice input | ||||
| 	{"a.b", interface{}("a"), "", false}, // non-map, non-slice input | ||||
| } | ||||
| 
 | ||||
| func TestExtractParameter(t *testing.T) { | ||||
|  |  | |||
|  | @ -23,7 +23,7 @@ import ( | |||
| ) | ||||
| 
 | ||||
| const ( | ||||
| 	version = "2.6.8" | ||||
| 	version = "2.6.9" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
|  | @ -185,6 +185,10 @@ func main() { | |||
| 		hooksURL = "/" + *hooksURLPrefix + "/{id}" | ||||
| 	} | ||||
| 
 | ||||
| 	router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { | ||||
| 		fmt.Fprintf(w, "OK") | ||||
| 	}) | ||||
| 
 | ||||
| 	router.HandleFunc(hooksURL, hookHandler) | ||||
| 
 | ||||
| 	n.UseHandler(router) | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue