git-next/crates/server/src/actors/webhook/server.rs

//
use std::net::SocketAddr;

use actix::prelude::*;

use git_next_config::{ForgeAlias, RepoAlias};
use git_next_repo_actor::webhook::{self, WebhookAuth, WebhookMessage};
use tracing::{info, warn};
use warp::reject::Rejection;

pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<WebhookMessage>) {
    // start webhook server
    use warp::Filter;
    // Define the Warp route to handle incoming HTTP requests
    let route = warp::post()
        .map(move || address.clone())
        .and(warp::path::param())
        .and(warp::path::param())
        .and(warp::header::headers_cloned())
        .and(warp::body::bytes())
        .and_then(
            |recipient: Recipient<WebhookMessage>,
             forge_alias: String,
             repo_alias: String,
             // query: String,
             headers: warp::http::HeaderMap,
             body: bytes::Bytes| async move {
                info!("POST received");
                let forge_alias = ForgeAlias::new(forge_alias);
                let repo_alias = RepoAlias::new(repo_alias);
                let bytes = body.to_vec();
                let body = webhook::Body::new(String::from_utf8_lossy(&bytes).to_string());
                headers.get("Authorization").map_or_else(
                    || {
                        warn!("No Authorization header");
                        Err(warp::reject())
                    },
                    |authorisation_header| {
                        info!(
                            forge = %forge_alias,
                            repo = %repo_alias,
                            ?authorisation_header,
                            "Received webhook",
                        );
                        // TODO: (#86) Authorization isn't presented consistently, allow each forge
                        // to parse the authorization from the request
                        match parse_auth(authorisation_header) {
                            Ok(authorisation) => {
                                let message = WebhookMessage::new(
                                    forge_alias,
                                    repo_alias,
                                    authorisation,
                                    body,
                                );
                                recipient
                                    .try_send(message)
                                    .map(|_| {
                                        info!("Message sent ok");
                                        warp::reply::with_status("OK", warp::http::StatusCode::OK)
                                    })
                                    .map_err(|e| {
                                        warn!("Unknown error: {:?}", e);
                                        warp::reject()
                                    })
                            }
                            Err(e) => {
                                warn!(?e, "Failed to decode authorization header");
                                Err(warp::reject())
                            }
                        }
                    },
                )
            },
        );

    // Start the server
    info!("Starting webhook server: {}", socket_addr);
    warp::serve(route).run(socket_addr).await;
}

fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
    WebhookAuth::new(
        authorization_header
            .to_str()
            .map_err(|e| {
                warn!("Invalid non-ascii value in authorization: {:?}", e);
                warp::reject()
            }) // valid characters
            .map(|v| {
                info!("raw auth header: {}", v);
                v
            })?
            .strip_prefix("Basic ")
            .ok_or_else(|| {
                warn!("Authorization must be 'Basic'");
                warp::reject()
            })?, // must start with "Basic "
    )
    .map_err(|e| {
        warn!(?e, "decode error");
        warp::reject()
    })
}
refactor: extract repo-actor and gitforge crates 2024-05-22 08:41:30 +01:00			`//`
feat(server): allow specifying id address and port to bind to Closes kemitix/git-next#44 2024-05-10 22:01:47 +01:00			`use std::net::SocketAddr;`

feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`use actix::prelude::*;`

feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`use git_next_config::{ForgeAlias, RepoAlias};`
refactor: extract repo-actor and gitforge crates 2024-05-22 08:41:30 +01:00			`use git_next_repo_actor::webhook::{self, WebhookAuth, WebhookMessage};`
feat(server/webhook): log errors in webhook requests 2024-05-18 20:26:26 +01:00			`use tracing::{info, warn};`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`use warp::reject::Rejection;`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00
refactor: extract repo-actor and gitforge crates 2024-05-22 08:41:30 +01:00			`pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<WebhookMessage>) {`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`// start webhook server`
			`use warp::Filter;`
			`// Define the Warp route to handle incoming HTTP requests`
			`let route = warp::post()`
			`.map(move \|\| address.clone())`
			`.and(warp::path::param())`
feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`.and(warp::path::param())`
feat(server/webhook): only accept authorised messages Closes kemitix/git-next#47 2024-04-14 19:12:51 +01:00			`.and(warp::header::headers_cloned())`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`.and(warp::body::bytes())`
			`.and_then(`
			`\|recipient: Recipient<WebhookMessage>,`
feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`forge_alias: String,`
			`repo_alias: String,`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`// query: String,`
feat(server/webhook): only accept authorised messages Closes kemitix/git-next#47 2024-04-14 19:12:51 +01:00			`headers: warp::http::HeaderMap,`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`body: bytes::Bytes\| async move {`
feat(server/webhook): log errors in webhook requests 2024-05-18 20:26:26 +01:00			`info!("POST received");`
feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`let forge_alias = ForgeAlias::new(forge_alias);`
			`let repo_alias = RepoAlias::new(repo_alias);`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`let bytes = body.to_vec();`
refactor: extract repo-actor and gitforge crates 2024-05-22 08:41:30 +01:00			`let body = webhook::Body::new(String::from_utf8_lossy(&bytes).to_string());`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`headers.get("Authorization").map_or_else(`
			`\|\| {`
feat(server/webhook): log errors in webhook requests 2024-05-18 20:26:26 +01:00			`warn!("No Authorization header");`
			`Err(warp::reject())`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`},`
			`\|authorisation_header\| {`
feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`info!(`
			`forge = %forge_alias,`
			`repo = %repo_alias,`
			`?authorisation_header,`
			`"Received webhook",`
			`);`
			`// TODO: (#86) Authorization isn't presented consistently, allow each forge`
			`// to parse the authorization from the request`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`match parse_auth(authorisation_header) {`
			`Ok(authorisation) => {`
feat: Webhook query paths include forge alias This allows for more than one forge to be configured and for the webhook to correctly route incoming messages. 2024-05-29 19:22:05 +01:00			`let message = WebhookMessage::new(`
			`forge_alias,`
			`repo_alias,`
			`authorisation,`
			`body,`
			`);`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`recipient`
			`.try_send(message)`
			`.map(\|_\| {`
			`info!("Message sent ok");`
			`warp::reply::with_status("OK", warp::http::StatusCode::OK)`
			`})`
			`.map_err(\|e\| {`
			`warn!("Unknown error: {:?}", e);`
			`warp::reject()`
			`})`
			`}`
			`Err(e) => {`
			`warn!(?e, "Failed to decode authorization header");`
			`Err(warp::reject())`
			`}`
			`}`
			`},`
			`)`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`},`
			`);`

			`// Start the server`
feat(server): allow specifying id address and port to bind to Closes kemitix/git-next#44 2024-05-10 22:01:47 +01:00			`info!("Starting webhook server: {}", socket_addr);`
			`warp::serve(route).run(socket_addr).await;`
feat(server/webhook): add webhook server Closes kemitix/git-next#18 2024-04-13 16:16:09 +01:00			`}`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00
			`fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {`
refactor: extract repo-actor and gitforge crates 2024-05-22 08:41:30 +01:00			`WebhookAuth::new(`
fix(server): invalid webhook authorisations Parameters had been passed in wrong order. Added strong types to prevent a repeat. 2024-05-20 20:41:01 +01:00			`authorization_header`
			`.to_str()`
			`.map_err(\|e\| {`
			`warn!("Invalid non-ascii value in authorization: {:?}", e);`
			`warp::reject()`
			`}) // valid characters`
			`.map(\|v\| {`
			`info!("raw auth header: {}", v);`
			`v`
			`})?`
			`.strip_prefix("Basic ")`
			`.ok_or_else(\|\| {`
			`warn!("Authorization must be 'Basic'");`
			`warp::reject()`
			`})?, // must start with "Basic "`
			`)`
			`.map_err(\|e\| {`
			`warn!(?e, "decode error");`
			`warp::reject()`
			`})`
			`}`