Compare commits

...

2 commits

Author SHA1 Message Date
b04c17dc15 WIP: mock repository
All checks were successful
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline was successful
ci/woodpecker/push/tag-created Pipeline was successful
2024-05-21 08:58:45 +01:00
5176e3e8c7 fix(server): invalid webhook authorisations
Some checks failed
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline failed
ci/woodpecker/push/tag-created Pipeline was successful
Rust / build (push) Successful in 1m4s
Parameters had been passed in wrong order. Added strong types to prevent
a repeat.
2024-05-21 08:58:45 +01:00
25 changed files with 300 additions and 119 deletions

View file

@ -3,7 +3,7 @@ resolver = "2"
members = ["crates/cli", "crates/server", "crates/config", "crates/git"] members = ["crates/cli", "crates/server", "crates/config", "crates/git"]
[workspace.package] [workspace.package]
version = "0.5.0" version = "0.5.1"
edition = "2021" edition = "2021"
[workspace.lints.clippy] [workspace.lints.clippy]
@ -62,6 +62,7 @@ derive_more = { version = "1.0.0-beta.6", features = [
"deref", "deref",
"from", "from",
] } ] }
derive-with = "0.5"
# file watcher # file watcher
inotify = "0.10" inotify = "0.10"

View file

@ -40,9 +40,10 @@ secrecy = { workspace = true }
# bytes = { workspace = true } # bytes = { workspace = true }
# ulid = { workspace = true } # ulid = { workspace = true }
# warp = { workspace = true } # warp = { workspace = true }
#
# # error handling # boilerplate
derive_more = { workspace = true } derive_more = { workspace = true }
derive-with = { workspace = true }
# #
# # file watcher # # file watcher
# inotify = { workspace = true } # inotify = { workspace = true }

View file

@ -9,3 +9,8 @@ impl secrecy::ExposeSecret<String> for ApiToken {
self.0.expose_secret() self.0.expose_secret()
} }
} }
impl Default for ApiToken {
fn default() -> Self {
Self("".to_string().into())
}
}

View file

@ -1,5 +1,5 @@
/// The name of a Branch /// The name of a Branch
#[derive(Clone, Debug, Hash, PartialEq, Eq, derive_more::Display)] #[derive(Clone, Default, Debug, Hash, PartialEq, Eq, derive_more::Display)]
pub struct BranchName(String); pub struct BranchName(String);
impl BranchName { impl BranchName {
pub fn new(str: impl Into<String>) -> Self { pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,7 +1,7 @@
use crate::{ApiToken, ForgeConfig, ForgeName, ForgeType, Hostname, User}; use crate::{ApiToken, ForgeConfig, ForgeName, ForgeType, Hostname, User};
/// The derived information about a Forge, used to create interactions with it /// The derived information about a Forge, used to create interactions with it
#[derive(Clone, Debug, derive_more::Constructor)] #[derive(Clone, Default, Debug, derive_more::Constructor, derive_with::With)]
pub struct ForgeDetails { pub struct ForgeDetails {
forge_name: ForgeName, forge_name: ForgeName,
forge_type: ForgeType, forge_type: ForgeType,
@ -27,11 +27,6 @@ impl ForgeDetails {
pub const fn token(&self) -> &ApiToken { pub const fn token(&self) -> &ApiToken {
&self.token &self.token
} }
pub fn with_hostname(self, hostname: Hostname) -> Self {
let mut me = self;
me.hostname = hostname;
me
}
} }
impl From<(&ForgeName, &ForgeConfig)> for ForgeDetails { impl From<(&ForgeName, &ForgeConfig)> for ForgeDetails {
fn from(forge: (&ForgeName, &ForgeConfig)) -> Self { fn from(forge: (&ForgeName, &ForgeConfig)) -> Self {

View file

@ -1,7 +1,7 @@
use std::path::PathBuf; use std::path::PathBuf;
/// The name of a Forge to connect to /// The name of a Forge to connect to
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct ForgeName(String); pub struct ForgeName(String);
impl From<&ForgeName> for PathBuf { impl From<&ForgeName> for PathBuf {
fn from(value: &ForgeName) -> Self { fn from(value: &ForgeName) -> Self {

View file

@ -1,5 +1,5 @@
/// Identifier for the type of Forge /// Identifier for the type of Forge
#[derive(Clone, Copy, Debug, PartialEq, Eq, serde::Deserialize)] #[derive(Clone, Default, Copy, Debug, PartialEq, Eq, serde::Deserialize)]
pub enum ForgeType { pub enum ForgeType {
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
ForgeJo, ForgeJo,
@ -7,6 +7,7 @@ pub enum ForgeType {
// GitHub, // GitHub,
// GitLab, // GitLab,
// BitBucket, // BitBucket,
#[default]
MockForge, MockForge,
} }
impl std::fmt::Display for ForgeType { impl std::fmt::Display for ForgeType {

View file

@ -1,7 +1,15 @@
use std::path::PathBuf; use std::path::PathBuf;
#[derive( #[derive(
Debug, Clone, PartialEq, Eq, serde::Deserialize, derive_more::Deref, derive_more::From, Clone,
Default,
Debug,
Hash,
PartialEq,
Eq,
serde::Deserialize,
derive_more::Deref,
derive_more::From,
)] )]
pub struct GitDir(PathBuf); pub struct GitDir(PathBuf);
impl GitDir { impl GitDir {

View file

@ -1,5 +1,5 @@
/// The hostname of a forge /// The hostname of a forge
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Display)] #[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Display)]
pub struct Hostname(String); pub struct Hostname(String);
impl Hostname { impl Hostname {
pub fn new(str: impl Into<String>) -> Self { pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,6 +1,6 @@
/// The alias of a repo /// The alias of a repo
/// This is the alias for the repo within `git-next-server.toml` /// This is the alias for the repo within `git-next-server.toml`
#[derive(Clone, Debug, PartialEq, Eq, Hash, derive_more::Display)] #[derive(Clone, Default, Debug, PartialEq, Eq, Hash, derive_more::Display)]
pub struct RepoAlias(String); pub struct RepoAlias(String);
impl RepoAlias { impl RepoAlias {
pub fn new(str: impl Into<String>) -> Self { pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,5 +1,5 @@
/// The path for the repo within the forge. /// The path for the repo within the forge.
/// Typically this is composed of the user or organisation and the name of the repo /// Typically this is composed of the user or organisation and the name of the repo
/// e.g. `{user}/{repo}` /// e.g. `{user}/{repo}`
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct RepoPath(String); pub struct RepoPath(String);

View file

@ -1,3 +1,3 @@
/// The user within the forge to connect as /// The user within the forge to connect as
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct User(String); pub struct User(String);

View file

@ -45,6 +45,7 @@ secrecy = { workspace = true }
# error handling # error handling
derive_more = { workspace = true } derive_more = { workspace = true }
derive-with = { workspace = true }
# # file watcher # # file watcher
# inotify = { workspace = true } # inotify = { workspace = true }
@ -54,9 +55,9 @@ derive_more = { workspace = true }
# actix-rt = { workspace = true } # actix-rt = { workspace = true }
# tokio = { workspace = true } # tokio = { workspace = true }
# #
# [dev-dependencies] [dev-dependencies]
# # Testing # Testing
# assert2 = { workspace = true } assert2 = { workspace = true }
[lints.clippy] [lints.clippy]
nursery = { level = "warn", priority = -1 } nursery = { level = "warn", priority = -1 }

View file

@ -6,7 +6,7 @@ use git_next_config::{
use super::{Generation, GitRemote}; use super::{Generation, GitRemote};
/// The derived information about a repo, used to interact with it /// The derived information about a repo, used to interact with it
#[derive(Clone, Debug, derive_more::Display)] #[derive(Clone, Default, Debug, derive_more::Display, derive_with::With)]
#[display("gen-{}:{}:{}/{}:{}@{}/{}@{}", generation, forge.forge_type(), #[display("gen-{}:{}:{}/{}:{}@{}/{}@{}", generation, forge.forge_type(),
forge.forge_name(), repo_alias, forge.user(), forge.hostname(), repo_path, forge.forge_name(), repo_alias, forge.user(), forge.hostname(), repo_path,
branch)] branch)]

View file

@ -1,17 +1,116 @@
use std::{
collections::HashMap,
sync::{Arc, Mutex},
};
use git_next_config::GitDir; use git_next_config::GitDir;
use crate::{ use crate::{
repository::{open::OpenRepository, Error, RepositoryLike}, repository::{
RepoDetails, open::{OpenRepository, OpenRepositoryLike},
Direction, RepositoryLike, Result,
},
GitRemote, RepoDetails,
}; };
pub struct MockRepository; use super::Error;
#[derive(Debug, Default, Clone)]
pub struct MockRepository(Arc<Mutex<Reality>>);
impl MockRepository {
pub fn new() -> Self {
Self(Arc::new(Mutex::new(Reality::default())))
}
pub fn can_open_repo(&mut self, gitdir: &GitDir) -> Result<MockOpenRepository> {
self.0
.lock()
.map_err(|_| Error::MockLock)
.map(|mut r| r.can_open_repo(gitdir))
}
fn open_repository(
&self,
gitdir: &GitDir,
) -> std::result::Result<MockOpenRepository, crate::repository::Error> {
self.0.lock().map_err(|_| Error::MockLock).and_then(|r| {
r.open_repository(gitdir)
.ok_or_else(|| Error::Open(format!("mock - could not open: {}", gitdir)))
})
}
fn clone_repository(
&self,
) -> std::result::Result<MockOpenRepository, crate::repository::Error> {
todo!()
}
}
impl RepositoryLike for MockRepository { impl RepositoryLike for MockRepository {
fn open(&self, _gitdir: &GitDir) -> Result<OpenRepository, Error> { fn open(
Ok(OpenRepository::Mock) &self,
gitdir: &GitDir,
) -> std::result::Result<OpenRepository, crate::repository::Error> {
Ok(OpenRepository::Mock(self.open_repository(gitdir)?))
} }
fn git_clone(&self, _repo_details: &RepoDetails) -> Result<OpenRepository, Error> { fn git_clone(
Ok(OpenRepository::Mock) &self,
_repo_details: &RepoDetails,
) -> std::result::Result<OpenRepository, crate::repository::Error> {
Ok(OpenRepository::Mock(self.clone_repository()?))
}
}
#[derive(Debug, Default)]
pub struct Reality {
openable_repos: HashMap<GitDir, MockOpenRepository>,
}
impl Reality {
pub fn can_open_repo(&mut self, gitdir: &GitDir) -> MockOpenRepository {
let mor = self.openable_repos.get(gitdir);
match mor {
Some(mor) => mor.clone(),
None => {
let mor = MockOpenRepository::default();
self.openable_repos.insert(gitdir.clone(), mor.clone());
mor
}
}
}
pub fn open_repository(&self, gitdir: &GitDir) -> Option<MockOpenRepository> {
self.openable_repos.get(gitdir).cloned()
}
}
#[derive(Clone, Debug, Default)]
pub struct MockOpenRepository {
default_push_remote: Option<GitRemote>,
default_fetch_remote: Option<GitRemote>,
}
impl MockOpenRepository {
pub fn has_default_remote(&mut self, direction: Direction, git_remote: GitRemote) {
match direction {
Direction::Push => self.default_push_remote.replace(git_remote),
Direction::Fetch => self.default_fetch_remote.replace(git_remote),
};
}
}
impl OpenRepositoryLike for MockOpenRepository {
fn find_default_remote(&self, direction: Direction) -> Option<GitRemote> {
match direction {
Direction::Push => self.default_push_remote.clone(),
Direction::Fetch => self.default_fetch_remote.clone(),
}
}
fn fetch(&self) -> std::prelude::v1::Result<(), crate::fetch::Error> {
todo!()
}
fn push(
&self,
_repo_details: &RepoDetails,
_branch_name: git_next_config::BranchName,
_to_commit: crate::GitRef,
_force: crate::push::Force,
) -> std::prelude::v1::Result<(), crate::push::Error> {
todo!()
} }
} }

View file

@ -9,23 +9,26 @@ use git_next_config::GitDir;
pub use open::OpenRepository; pub use open::OpenRepository;
use crate::repository::mock::MockRepository;
use super::RepoDetails; use super::RepoDetails;
#[derive(Clone, Copy, Debug)] #[derive(Clone, Debug)]
pub enum Repository { pub enum Repository {
Real, Real,
Mock, Mock(MockRepository),
} }
pub const fn new() -> Repository { pub const fn new() -> Repository {
Repository::Real Repository::Real
} }
pub const fn mock() -> Repository { pub fn mock() -> (Repository, MockRepository) {
Repository::Mock let mock_repository = MockRepository::new();
(Repository::Mock(mock_repository.clone()), mock_repository)
} }
pub trait RepositoryLike { pub trait RepositoryLike {
fn open(&self, gitdir: &GitDir) -> Result<OpenRepository, Error>; fn open(&self, gitdir: &GitDir) -> Result<OpenRepository>;
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error>; fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository>;
} }
impl std::ops::Deref for Repository { impl std::ops::Deref for Repository {
type Target = dyn RepositoryLike; type Target = dyn RepositoryLike;
@ -33,7 +36,7 @@ impl std::ops::Deref for Repository {
fn deref(&self) -> &Self::Target { fn deref(&self) -> &Self::Target {
match self { match self {
Self::Real => &real::RealRepository, Self::Real => &real::RealRepository,
Self::Mock => &mock::MockRepository, Self::Mock(mock_repository) => mock_repository,
} }
} }
} }
@ -54,6 +57,8 @@ impl From<Direction> for gix::remote::Direction {
} }
} }
pub type Result<T> = core::result::Result<T, Error>;
#[derive(Debug, derive_more::Display)] #[derive(Debug, derive_more::Display)]
pub enum Error { pub enum Error {
InvalidGitDir(git_next_config::GitDir), InvalidGitDir(git_next_config::GitDir),
@ -64,6 +69,7 @@ pub enum Error {
Clone(String), Clone(String),
Open(String), Open(String),
Fetch(String), Fetch(String),
MockLock,
} }
impl std::error::Error for Error {} impl std::error::Error for Error {}
impl From<gix::clone::Error> for Error { impl From<gix::clone::Error> for Error {

View file

@ -7,19 +7,22 @@ use git_next_config::BranchName;
use crate::{ use crate::{
fetch, push, fetch, push,
repository::{open::oreal::RealOpenRepository, Direction}, repository::{mock::MockOpenRepository, open::oreal::RealOpenRepository, Direction},
GitRef, GitRemote, RepoDetails, GitRef, GitRemote, RepoDetails,
}; };
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum OpenRepository { pub enum OpenRepository {
Real(oreal::RealOpenRepository), Real(oreal::RealOpenRepository),
Mock, // TODO: (#38) contain a mock model of a repo Mock(MockOpenRepository), // TODO: (#38) contain a mock model of a repo
} }
impl OpenRepository { impl OpenRepository {
pub fn new(gix_repo: gix::Repository) -> Self { pub fn real(gix_repo: gix::Repository) -> Self {
Self::Real(RealOpenRepository::new(Arc::new(Mutex::new(gix_repo)))) Self::Real(RealOpenRepository::new(Arc::new(Mutex::new(gix_repo))))
} }
pub const fn mock(mock: MockOpenRepository) -> Self {
Self::Mock(mock)
}
} }
pub trait OpenRepositoryLike { pub trait OpenRepositoryLike {
fn find_default_remote(&self, direction: Direction) -> Option<GitRemote>; fn find_default_remote(&self, direction: Direction) -> Option<GitRemote>;
@ -38,7 +41,7 @@ impl std::ops::Deref for OpenRepository {
fn deref(&self) -> &Self::Target { fn deref(&self) -> &Self::Target {
match self { match self {
Self::Real(real) => real, Self::Real(real) => real,
Self::Mock => todo!(), Self::Mock(mock) => mock,
} }
} }
} }

View file

@ -12,7 +12,7 @@ pub struct RealRepository;
impl RepositoryLike for RealRepository { impl RepositoryLike for RealRepository {
fn open(&self, gitdir: &GitDir) -> Result<OpenRepository, Error> { fn open(&self, gitdir: &GitDir) -> Result<OpenRepository, Error> {
let gix_repo = gix::ThreadSafeRepository::open(gitdir.to_path_buf())?.to_thread_local(); let gix_repo = gix::ThreadSafeRepository::open(gitdir.to_path_buf())?.to_thread_local();
Ok(OpenRepository::new(gix_repo)) Ok(OpenRepository::real(gix_repo))
} }
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> { fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
@ -23,6 +23,6 @@ impl RepositoryLike for RealRepository {
)? )?
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?; .fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
Ok(OpenRepository::new(gix_repo)) Ok(OpenRepository::real(gix_repo))
} }
} }

View file

@ -160,3 +160,40 @@ mod repo_details {
); );
} }
} }
mod repository {
use assert2::let_assert;
use git_next_config::{ForgeDetails, GitDir, Hostname, RepoPath};
use crate::{
repository::{self, Direction},
validate, GitRemote, RepoDetails,
};
#[test]
fn validate_should_ok_a_valid_repo() {
let forge_details =
ForgeDetails::default().with_hostname(Hostname::new("localhost".to_string()));
let repo_details = RepoDetails::default()
.with_forge(forge_details)
.with_repo_path(RepoPath::new("kemitix/test".to_string()));
let gitdir = GitDir::from("foo");
let remote = GitRemote::new(
Hostname::new("localhost"),
RepoPath::new("kemitix/test".to_string()),
);
let (repository, mut reality) = repository::mock();
let_assert!(
Ok(_) = reality.can_open_repo(&gitdir).map(|mut open_repo| {
open_repo.has_default_remote(Direction::Push, remote.clone());
open_repo.has_default_remote(Direction::Fetch, remote);
})
);
let_assert!(Ok(open_repository) = repository.open(&gitdir));
// FIXME: flaky test - failing 1 in 4 times - NoDefaultPushRemote
let_assert!(Ok(_) = validate(&open_repository, &repo_details));
}
// TODO: validate_should_fail_where_????
}

View file

@ -24,8 +24,9 @@ pub struct WebhookId(String);
pub struct WebhookAuth(ulid::Ulid); pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth { impl WebhookAuth {
pub fn from_str(authorisation: &str) -> Result<Self, DecodeError> { pub fn from_str(authorisation: &str) -> Result<Self, DecodeError> {
let id = ulid::Ulid::from_str(authorisation); let id = ulid::Ulid::from_str(authorisation)?;
Ok(Self(id?)) info!("Parse auth token: {}", id);
Ok(Self(id))
} }
fn generate() -> Self { fn generate() -> Self {
@ -186,23 +187,16 @@ impl Handler<WebhookMessage> for RepoActor {
warn!("Don't know what authorization to expect"); warn!("Don't know what authorization to expect");
return; return;
}; };
let Some(received_authorization) = &msg.authorisation() else { if msg.authorisation() != expected_authorization {
warn!("Missing authorization token");
return;
};
if received_authorization != expected_authorization {
warn!( warn!(
"Invalid authorization - expected {}", "Invalid authorization - expected {}",
expected_authorization expected_authorization
); );
return; return;
} }
let id = msg.id();
let span = tracing::info_span!("handle", %id);
let _guard = span.enter();
let body = msg.body(); let body = msg.body();
match serde_json::from_str::<Push>(body) { match serde_json::from_str::<Push>(body.as_str()) {
Err(err) => warn!(?err, %body, "Not a 'push'"), Err(err) => warn!(?err, ?body, "Not a 'push'"),
Ok(push) => { Ok(push) => {
if let Some(config) = &self.details.repo_config { if let Some(config) = &self.details.repo_config {
match push.branch(config.branches()) { match push.branch(config.branches()) {
@ -262,6 +256,10 @@ impl Handler<WebhookMessage> for RepoActor {
} }
} }
pub fn split_ref(reference: &str) -> (&str, &str) {
reference.split_at(11)
}
#[derive(Debug, serde::Deserialize)] #[derive(Debug, serde::Deserialize)]
struct Push { struct Push {
#[serde(rename = "ref")] #[serde(rename = "ref")]
@ -298,12 +296,8 @@ impl Push {
} }
} }
pub fn split_ref(reference: &str) -> (&str, &str) {
reference.split_at(11)
}
#[derive(Debug)] #[derive(Debug)]
enum Branch { pub enum Branch {
Main, Main,
Next, Next,
Dev, Dev,

View file

@ -177,7 +177,7 @@ impl Server {
let server_storage = server_storage.clone(); let server_storage = server_storage.clone();
let webhook = webhook.clone(); let webhook = webhook.clone();
let net = self.net.clone(); let net = self.net.clone();
let repo = self.repo; let repo = self.repo.clone();
let generation = self.generation; let generation = self.generation;
move |(repo_alias, server_repo_config)| { move |(repo_alias, server_repo_config)| {
let span = tracing::info_span!("create_actor", alias = %repo_alias, config = %server_repo_config); let span = tracing::info_span!("create_actor", alias = %repo_alias, config = %server_repo_config);
@ -205,8 +205,13 @@ impl Server {
gitdir, gitdir,
); );
info!("Starting Repo Actor"); info!("Starting Repo Actor");
let actor = let actor = RepoActor::new(
RepoActor::new(repo_details, webhook.clone(), generation, net.clone(), repo); repo_details,
webhook.clone(),
generation,
net.clone(),
repo.clone(),
);
(forge_name.clone(), repo_alias, actor) (forge_name.clone(), repo_alias, actor)
} }
} }

View file

@ -1,27 +1,33 @@
// //
use actix::prelude::*; use actix::prelude::*;
use git_next_config::RepoAlias;
use crate::actors::repo::webhook::WebhookAuth; use crate::actors::repo::webhook::WebhookAuth;
#[derive(Message, Debug, Clone, derive_more::Constructor)] #[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")] #[rtype(result = "()")]
pub struct WebhookMessage { pub struct WebhookMessage {
id: String, // forge // TODO: differentiate between multiple forges
path: String, repo_alias: RepoAlias,
authorisation: String, authorisation: WebhookAuth,
body: String, body: Body,
} }
impl WebhookMessage { impl WebhookMessage {
pub const fn id(&self) -> &String { pub const fn repo_alias(&self) -> &RepoAlias {
&self.id &self.repo_alias
} }
pub const fn path(&self) -> &String { pub const fn body(&self) -> &Body {
&self.path
}
pub const fn body(&self) -> &String {
&self.body &self.body
} }
pub fn authorisation(&self) -> Option<WebhookAuth> { pub const fn authorisation(&self) -> &WebhookAuth {
WebhookAuth::from_str(&self.authorisation).ok() &self.authorisation
}
}
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
} }
} }

View file

@ -28,9 +28,9 @@ impl Handler<WebhookMessage> for WebhookRouter {
fn handle(&mut self, msg: WebhookMessage, _ctx: &mut Self::Context) -> Self::Result { fn handle(&mut self, msg: WebhookMessage, _ctx: &mut Self::Context) -> Self::Result {
let _gaurd = self.span.enter(); let _gaurd = self.span.enter();
let repo_alias = RepoAlias::new(msg.path()); let repo_alias = msg.repo_alias();
debug!(repo = %repo_alias, "Router..."); debug!(repo = %repo_alias, "Router...");
if let Some(recipient) = self.repos.get(&repo_alias) { if let Some(recipient) = self.repos.get(repo_alias) {
info!(repo = %repo_alias, "Sending to Recipient"); info!(repo = %repo_alias, "Sending to Recipient");
recipient.do_send(msg); recipient.do_send(msg);
} }

View file

@ -2,13 +2,17 @@ use std::net::SocketAddr;
use actix::prelude::*; use actix::prelude::*;
use git_next_config::RepoAlias;
use tracing::{info, warn}; use tracing::{info, warn};
use warp::reject::Rejection;
use crate::actors::webhook::message::WebhookMessage; use crate::actors::{repo::webhook::WebhookAuth, webhook::message::WebhookMessage};
use super::message;
pub async fn start( pub async fn start(
socket_addr: SocketAddr, socket_addr: SocketAddr,
address: actix::prelude::Recipient<super::message::WebhookMessage>, address: actix::prelude::Recipient<message::WebhookMessage>,
) { ) {
// start webhook server // start webhook server
use warp::Filter; use warp::Filter;
@ -21,35 +25,24 @@ pub async fn start(
.and(warp::body::bytes()) .and(warp::body::bytes())
.and_then( .and_then(
|recipient: Recipient<WebhookMessage>, |recipient: Recipient<WebhookMessage>,
path, path: String,
// query: String, // query: String,
headers: warp::http::HeaderMap, headers: warp::http::HeaderMap,
body: bytes::Bytes| async move { body: bytes::Bytes| async move {
info!("POST received"); info!("POST received");
let repo_alias = RepoAlias::new(path);
let bytes = body.to_vec(); let bytes = body.to_vec();
let request_data = String::from_utf8_lossy(&bytes).to_string(); let body = message::Body::new(String::from_utf8_lossy(&bytes).to_string());
let id = ulid::Ulid::new().to_string(); headers.get("Authorization").map_or_else(
match headers.get("Authorization") { || {
Some(auhorisation) => { warn!("No Authorization header");
info!(id, path, "Received webhook"); Err(warp::reject())
let authorisation = auhorisation },
.to_str() |authorisation_header| {
.map_err(|e| { info!(?repo_alias, ?authorisation_header, "Received webhook",);
warn!("Invalid value in authorization: {:?}", e); match parse_auth(authorisation_header) {
warp::reject() Ok(authorisation) => {
})? // valid characters let message = WebhookMessage::new(repo_alias, authorisation, body);
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})? // must start with "Basic "
.to_string();
let message = WebhookMessage::new(
id,
path,
/* query, headers, */ request_data,
authorisation,
);
recipient recipient
.try_send(message) .try_send(message)
.map(|_| { .map(|_| {
@ -61,15 +54,41 @@ pub async fn start(
warp::reject() warp::reject()
}) })
} }
_ => { Err(e) => {
warn!("No Authorization header"); warn!(?e, "Failed to decode authorization header");
Err(warp::reject()) Err(warp::reject())
} }
} }
}, },
)
},
); );
// Start the server // Start the server
info!("Starting webhook server: {}", socket_addr); info!("Starting webhook server: {}", socket_addr);
warp::serve(route).run(socket_addr).await; warp::serve(route).run(socket_addr).await;
} }
fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
WebhookAuth::from_str(
authorization_header
.to_str()
.map_err(|e| {
warn!("Invalid non-ascii value in authorization: {:?}", e);
warp::reject()
}) // valid characters
.map(|v| {
info!("raw auth header: {}", v);
v
})?
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})?, // must start with "Basic "
)
.map_err(|e| {
warn!(?e, "decode error");
warp::reject()
})
}

View file

@ -13,7 +13,7 @@ fn test_name() {
panic!("fs") panic!("fs")
}; };
let net = Network::new_mock(); let net = Network::new_mock();
let repo = git::repository::mock(); let (repo, _reality) = git::repository::mock();
let repo_details = common::repo_details( let repo_details = common::repo_details(
1, 1,
Generation::new(), Generation::new(),
@ -40,7 +40,7 @@ async fn test_branches_get() {
let body = include_str!("./data-forgejo-branches-get.json"); let body = include_str!("./data-forgejo-branches-get.json");
net.add_get_response(&url, StatusCode::OK, body); net.add_get_response(&url, StatusCode::OK, body);
let net = Network::from(net); let net = Network::from(net);
let repo = git::repository::mock(); let (repo, _reality) = git::repository::mock();
let repo_details = common::repo_details( let repo_details = common::repo_details(
1, 1,