quay/endpoints/webhooks.py

import logging

from flask import request, make_response, Blueprint

from app import billing as stripe
from data import model
from auth.decorators import process_auth
from auth.permissions import ModifyRepositoryPermission
from util.invoice import renderInvoiceToHtml
from util.useremails import send_invoice_email, send_subscription_change, send_payment_failed
from util.http import abort
from buildtrigger.basehandler import BuildTriggerHandler
from buildtrigger.triggerutil import (ValidationRequestException, SkipRequestException,
                                      InvalidPayloadException)
from endpoints.building import start_build, MaximumBuildsQueuedException


logger = logging.getLogger(__name__)

webhooks = Blueprint('webhooks', __name__)


@webhooks.route('/stripe', methods=['POST'])
def stripe_webhook():
  request_data = request.get_json()
  logger.debug('Stripe webhook call: %s', request_data)

  customer_id = request_data.get('data', {}).get('object', {}).get('customer', None)
  user = model.user.get_user_or_org_by_customer_id(customer_id) if customer_id else None

  event_type = request_data['type'] if 'type' in request_data else None
  if event_type == 'charge.succeeded':
    invoice_id = request_data['data']['object']['invoice']

    if user and user.invoice_email:
      # Lookup the invoice.
      invoice = stripe.Invoice.retrieve(invoice_id)
      if invoice:
        invoice_html = renderInvoiceToHtml(invoice, user)
        send_invoice_email(user.invoice_email_address or user.email, invoice_html)

  elif event_type.startswith('customer.subscription.'):
    cust_email = user.email if user is not None else 'unknown@domain.com'
    quay_username = user.username if user is not None else 'unknown'

    change_type = ''
    if event_type.endswith('.deleted'):
      plan_id = request_data['data']['object']['plan']['id']
      change_type = 'canceled %s' % plan_id
      send_subscription_change(change_type, customer_id, cust_email, quay_username)
    elif event_type.endswith('.created'):
      plan_id = request_data['data']['object']['plan']['id']
      change_type = 'subscribed %s' % plan_id
      send_subscription_change(change_type, customer_id, cust_email, quay_username)
    elif event_type.endswith('.updated'):
      if 'previous_attributes' in request_data['data']:
        if 'plan' in request_data['data']['previous_attributes']:
          old_plan = request_data['data']['previous_attributes']['plan']['id']
          new_plan = request_data['data']['object']['plan']['id']
          change_type = 'switched %s -> %s' % (old_plan, new_plan)
          send_subscription_change(change_type, customer_id, cust_email, quay_username)

  elif event_type == 'invoice.payment_failed':
    if user:
      send_payment_failed(user.email, user.username)

  return make_response('Okay')


@webhooks.route('/push/<repopath:repository>/trigger/<trigger_uuid>', methods=['POST'])
@webhooks.route('/push/trigger/<trigger_uuid>', methods=['POST'], defaults={'repository': ''})
@process_auth
def build_trigger_webhook(trigger_uuid, **kwargs):
  logger.debug('Webhook received with uuid %s', trigger_uuid)

  try:
    trigger = model.build.get_build_trigger(trigger_uuid)
  except model.InvalidBuildTriggerException:
    # It is ok to return 404 here, since letting an attacker know that a trigger UUID is valid
    # doesn't leak anything
    abort(404)

  namespace = trigger.repository.namespace_user.username
  repository = trigger.repository.name
  permission = ModifyRepositoryPermission(namespace, repository)

  if permission.can():
    handler = BuildTriggerHandler.get_handler(trigger)

    if trigger.repository.kind.name != 'image':
      abort(501, 'Build triggers cannot be invoked on application repositories')
    elif trigger.repository.trust_enabled:
      abort(400, 'Build triggers cannot be invoked on repositories with trust enabled')

    logger.debug('Passing webhook request to handler %s', handler)
    try:
      prepared = handler.handle_trigger_request(request)
    except ValidationRequestException:
      logger.debug('Handler reported a validation exception: %s', handler)
      # This was just a validation request, we don't need to build anything
      return make_response('Okay')
    except SkipRequestException:
      logger.debug('Handler reported to skip the build: %s', handler)
      # The build was requested to be skipped
      return make_response('Okay')
    except InvalidPayloadException as ipe:
      logger.exception('Invalid payload')
      # The payload was malformed
      abort(400, message=ipe.message)

    pull_robot_name = model.build.get_pull_robot_name(trigger)
    repo = model.repository.get_repository(namespace, repository)
    try:
      start_build(repo, prepared, pull_robot_name=pull_robot_name)
    except MaximumBuildsQueuedException:
      abort(429, message='Maximum queued build rate exceeded.')

    return make_response('Okay')

  abort(403)
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`import logging`

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`from flask import request, make_response, Blueprint`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00
Fix the tests and implement a fake stripe. 2014-04-10 15:20:16 -04:00			`from app import billing as stripe`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`from data import model`
Move auth decorators into a decorators module The non-decorators will be broken out in the followup change 2017-03-16 16:50:09 -04:00			`from auth.decorators import process_auth`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00			`from auth.permissions import ModifyRepositoryPermission`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`from util.invoice import renderInvoiceToHtml`
Rename the email util to not conflict with a builtin library. 2014-05-28 18:22:48 -04:00			`from util.useremails import send_invoice_email, send_subscription_change, send_payment_failed`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00			`from util.http import abort`
Start refactoring of the trigger system: - Move each trigger handler into its own file - Add dictionary helper classes for easier reading and writing of dict-based data - Extract the web hook payload -> internal representation building for each trigger system - Add tests for this transformation - Remove support for Github archived-based building 2015-09-11 17:40:32 -04:00			`from buildtrigger.basehandler import BuildTriggerHandler`
add rate limiting to build queues 2016-12-05 16:07:00 -05:00			`from buildtrigger.triggerutil import (ValidationRequestException, SkipRequestException,`
Start refactoring of the trigger system: - Move each trigger handler into its own file - Add dictionary helper classes for easier reading and writing of dict-based data - Extract the web hook payload -> internal representation building for each trigger system - Add tests for this transformation - Remove support for Github archived-based building 2015-09-11 17:40:32 -04:00			`InvalidPayloadException)`
add rate limiting to build queues 2016-12-05 16:07:00 -05:00			`from endpoints.building import start_build, MaximumBuildsQueuedException`
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00
Merge the plans and mark many as deprecated. Fix a bunch of pylint errors. 2013-12-19 17:06:04 -05:00
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`logger = logging.getLogger(__name__)`

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`webhooks = Blueprint('webhooks', __name__)`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@webhooks.route('/stripe', methods=['POST'])`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`def stripe_webhook():`
			`request_data = request.get_json()`
trigger: pass trigger into manual_start & handle_trigger_request 2015-03-23 12:14:47 -04:00			`logger.debug('Stripe webhook call: %s', request_data)`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00			`customer_id = request_data.get('data', {}).get('object', {}).get('customer', None)`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 17:25:41 -04:00			`user = model.user.get_user_or_org_by_customer_id(customer_id) if customer_id else None`
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`event_type = request_data['type'] if 'type' in request_data else None`
			`if event_type == 'charge.succeeded':`
Fix a stupid error in the webhook code. 2014-04-28 12:47:48 -04:00			`invoice_id = request_data['data']['object']['invoice']`
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00
			`if user and user.invoice_email:`
			`# Lookup the invoice.`
			`invoice = stripe.Invoice.retrieve(invoice_id)`
			`if invoice:`
			`invoice_html = renderInvoiceToHtml(invoice, user)`
Add support for custom billing invoice email address Fixes #782 2015-12-28 13:59:50 -05:00			`send_invoice_email(user.invoice_email_address or user.email, invoice_html)`
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00
Respond to subscription change events so I can stop polling the stripe event list. 2014-04-15 17:00:32 -04:00			`elif event_type.startswith('customer.subscription.'):`
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00			`cust_email = user.email if user is not None else 'unknown@domain.com'`
			`quay_username = user.username if user is not None else 'unknown'`
Update the subscription change webhook to be more friendly and not send emails for payments. 2014-04-17 16:18:37 -04:00
			`change_type = ''`
			`if event_type.endswith('.deleted'):`
			`plan_id = request_data['data']['object']['plan']['id']`
			`change_type = 'canceled %s' % plan_id`
			`send_subscription_change(change_type, customer_id, cust_email, quay_username)`
			`elif event_type.endswith('.created'):`
			`plan_id = request_data['data']['object']['plan']['id']`
			`change_type = 'subscribed %s' % plan_id`
			`send_subscription_change(change_type, customer_id, cust_email, quay_username)`
			`elif event_type.endswith('.updated'):`
			`if 'previous_attributes' in request_data['data']:`
			`if 'plan' in request_data['data']['previous_attributes']:`
			`old_plan = request_data['data']['previous_attributes']['plan']['id']`
			`new_plan = request_data['data']['object']['plan']['id']`
			`change_type = 'switched %s -> %s' % (old_plan, new_plan)`
			`send_subscription_change(change_type, customer_id, cust_email, quay_username)`
Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00
Send an email automatically when a payment fails. 2014-04-22 13:56:34 -04:00			`elif event_type == 'invoice.payment_failed':`
			`if user:`
			`send_payment_failed(user.email, user.username)`

Add receipt/invoice email support and option to Quay 2013-11-15 14:42:31 -05:00			`return make_response('Okay')`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. This support is placed behind a feature flag. 2016-01-21 15:40:51 -05:00			`@webhooks.route('/push/<repopath:repository>/trigger/<trigger_uuid>', methods=['POST'])`
Fix robot renaming. Allow for trigger URLs to contain or omit the repository in the path. Fix calls to get_trigger to remove the namespace and repository. 2014-11-18 10:24:48 -05:00			`@webhooks.route('/push/trigger/<trigger_uuid>', methods=['POST'], defaults={'repository': ''})`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00			`@process_auth`
Fix robot renaming. Allow for trigger URLs to contain or omit the repository in the path. Fix calls to get_trigger to remove the namespace and repository. 2014-11-18 10:24:48 -05:00			`def build_trigger_webhook(trigger_uuid, **kwargs):`
Rename robots when we rename a user. Do not use the namespace from the path to check permissions from the incoming webhooks since the namespace may have changed and we cannot recreate them in remote services easily. 2014-11-09 17:50:57 -05:00			`logger.debug('Webhook received with uuid %s', trigger_uuid)`
Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Rename robots when we rename a user. Do not use the namespace from the path to check permissions from the incoming webhooks since the namespace may have changed and we cannot recreate them in remote services easily. 2014-11-09 17:50:57 -05:00			`try:`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 17:25:41 -04:00			`trigger = model.build.get_build_trigger(trigger_uuid)`
Rename robots when we rename a user. Do not use the namespace from the path to check permissions from the incoming webhooks since the namespace may have changed and we cannot recreate them in remote services easily. 2014-11-09 17:50:57 -05:00			`except model.InvalidBuildTriggerException:`
			`# It is ok to return 404 here, since letting an attacker know that a trigger UUID is valid`
			`# doesn't leak anything`
			`abort(404)`

			`namespace = trigger.repository.namespace_user.username`
			`repository = trigger.repository.name`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00			`permission = ModifyRepositoryPermission(namespace, repository)`
Add tests for build web hooks endpoint 2017-03-20 13:22:59 -04:00
Remove test "True" that breaks permissions on the Github trigger 2014-05-01 21:35:07 -04:00			`if permission.can():`
Work in progress: bitbucket support 2015-04-24 18:36:48 -04:00			`handler = BuildTriggerHandler.get_handler(trigger)`
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00
Disable certain APIs and build triggers when trust is enabled Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this. 2017-04-16 22:40:59 -04:00			`if trigger.repository.kind.name != 'image':`
			`abort(501, 'Build triggers cannot be invoked on application repositories')`
			`elif trigger.repository.trust_enabled:`
			`abort(400, 'Build triggers cannot be invoked on repositories with trust enabled')`

Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`logger.debug('Passing webhook request to handler %s', handler)`
Write triggers are successfully installing on GitHub, noice! 2014-02-21 17:09:56 -05:00			`try:`
Get build preparation working for bitbucket and do a lot of code cleanup around this process across all the triggers. Note: tests are not yet updated. 2015-04-29 17:04:52 -04:00			`prepared = handler.handle_trigger_request(request)`
Write triggers are successfully installing on GitHub, noice! 2014-02-21 17:09:56 -05:00			`except ValidationRequestException:`
Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00			`logger.debug('Handler reported a validation exception: %s', handler)`
Prepare the build worker to support multiple tags and subdirectories. Change the build database config to accept a job config object instead of breaking out the parameters into independent blocks. 2014-02-24 16:11:23 -05:00			`# This was just a validation request, we don't need to build anything`
Write triggers are successfully installing on GitHub, noice! 2014-02-21 17:09:56 -05:00			`return make_response('Okay')`
Add support for skipping Dockerfile builds via the [skip build] or [build skip] message 2014-05-01 15:25:46 -04:00			`except SkipRequestException:`
Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00			`logger.debug('Handler reported to skip the build: %s', handler)`
Add support for skipping Dockerfile builds via the [skip build] or [build skip] message 2014-05-01 15:25:46 -04:00			`# The build was requested to be skipped`
			`return make_response('Okay')`
Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00			`except InvalidPayloadException as ipe:`
			`logger.exception('Invalid payload')`
trigger: initial custom git trigger 2015-03-26 16:20:53 -04:00			`# The payload was malformed`
Fix bugs with the custom git trigger and make error reporting better 2015-05-10 13:38:47 -04:00			`abort(400, message=ipe.message)`
Add support for skipping Dockerfile builds via the [skip build] or [build skip] message 2014-05-01 15:25:46 -04:00
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 17:25:41 -04:00			`pull_robot_name = model.build.get_pull_robot_name(trigger)`
			`repo = model.repository.get_repository(namespace, repository)`
add rate limiting to build queues 2016-12-05 16:07:00 -05:00			`try:`
			`start_build(repo, prepared, pull_robot_name=pull_robot_name)`
			`except MaximumBuildsQueuedException:`
build queue rate limiting: address PR comments 2016-12-06 20:40:54 -05:00			`abort(429, message='Maximum queued build rate exceeded.')`
Add logging descriptions for the new trigger logs 2014-02-25 18:22:55 -05:00
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`return make_response('Okay')`
Check in progress on github connection, this will not work. 2014-02-11 13:53:44 -05:00
Add logging descriptions for the new trigger logs 2014-02-25 18:22:55 -05:00			`abort(403)`