diff --git a/Cargo.toml b/Cargo.toml index a0a37c73..940ed142 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,8 @@ resolver = "2" members = ["crates/*"] [workspace.package] -version = "0.10.0" +version = "0.10.0" # Update git-next-* under workspace.dependencies + edition = "2021" license = "MIT" repository = "https://git.kemitix.net/kemitix/git-next" diff --git a/crates/repo-actor/src/handlers/webhook_notification.rs b/crates/repo-actor/src/handlers/webhook_notification.rs index b7c32700..a74e8c5d 100644 --- a/crates/repo-actor/src/handlers/webhook_notification.rs +++ b/crates/repo-actor/src/handlers/webhook_notification.rs @@ -1,41 +1,24 @@ // use actix::prelude::*; -use crate::{self as actor, messages::WebhookNotification}; -use git_next_config as config; -use git_next_git as git; +use crate::{self as actor, messages::WebhookNotification, RepoActorLog}; +use git_next_config::webhook::push::Branch; +use git_next_config::WebhookAuth; +use git_next_git::{self as git, ForgeLike}; use tracing::{info, warn}; impl Handler for actor::RepoActor { type Result = (); - #[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity #[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))] fn handle(&mut self, msg: WebhookNotification, ctx: &mut Self::Context) -> Self::Result { - let Some(expected_authorization) = &self.webhook_auth else { - actor::logger(&self.log, "server has no auth token"); - warn!("Don't know what authorization to expect"); - return; - }; let Some(config) = &self.repo_details.repo_config else { actor::logger(&self.log, "server has no repo config"); warn!("No repo config"); return; }; - if !self - .forge - .is_message_authorised(&msg, expected_authorization) - { - actor::logger(&self.log, "message authorisation is invalid"); - warn!( - "Invalid authorization - expected {}", - expected_authorization - ); - return; - } - if self.forge.should_ignore_message(&msg) { - actor::logger(&self.log, "forge sent ignorable message"); + if validate_notification(&msg, &self.webhook_auth, &*self.forge, &self.log).is_err() { return; } let body = msg.body(); @@ -54,7 +37,7 @@ impl Handler for actor::RepoActor { ); return; } - Some(config::webhook::push::Branch::Main) => { + Some(Branch::Main) => { actor::logger(&self.log, "message is for main branch"); let commit = git::Commit::from(push); if self.last_main_commit.as_ref() == Some(&commit) { @@ -68,7 +51,7 @@ impl Handler for actor::RepoActor { } self.last_main_commit.replace(commit); } - Some(config::webhook::push::Branch::Next) => { + Some(Branch::Next) => { actor::logger(&self.log, "message is for next branch"); let commit = git::Commit::from(push); if self.last_next_commit.as_ref() == Some(&commit) { @@ -82,7 +65,7 @@ impl Handler for actor::RepoActor { } self.last_next_commit.replace(commit); } - Some(config::webhook::push::Branch::Dev) => { + Some(Branch::Dev) => { actor::logger(&self.log, "message is for dev branch"); let commit = git::Commit::from(push); if self.last_dev_commit.as_ref() == Some(&commit) { @@ -110,3 +93,30 @@ impl Handler for actor::RepoActor { ); } } + +fn validate_notification( + msg: &WebhookNotification, + webhook_auth: &Option, + forge: &dyn ForgeLike, + log: &Option, +) -> Result<(), ()> { + let Some(expected_authorization) = webhook_auth else { + actor::logger(log, "server has no auth token"); + warn!("Don't know what authorization to expect"); + return Err(()); + }; + + if !forge.is_message_authorised(msg, expected_authorization) { + actor::logger(log, "message authorisation is invalid"); + warn!( + "Invalid authorization - expected {}", + expected_authorization + ); + return Err(()); + } + if forge.should_ignore_message(msg) { + actor::logger(log, "forge sent ignorable message"); + return Err(()); + } + Ok(()) +}