Compare commits

...

2 commits

Author SHA1 Message Date
ce4e92fdda WIP: fix invalid webhook authorisations
All checks were successful
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline was successful
ci/woodpecker/push/tag-created Pipeline was successful
2024-05-21 08:37:49 +01:00
572da0d761 WIP: mock repository
All checks were successful
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline was successful
ci/woodpecker/push/tag-created Pipeline was successful
2024-05-20 17:35:36 +01:00
25 changed files with 304 additions and 109 deletions

View file

@ -62,6 +62,7 @@ derive_more = { version = "1.0.0-beta.6", features = [
"deref",
"from",
] }
derive-with = "0.5"
# file watcher
inotify = "0.10"

View file

@ -40,9 +40,10 @@ secrecy = { workspace = true }
# bytes = { workspace = true }
# ulid = { workspace = true }
# warp = { workspace = true }
#
# # error handling
# boilerplate
derive_more = { workspace = true }
derive-with = { workspace = true }
#
# # file watcher
# inotify = { workspace = true }

View file

@ -9,3 +9,8 @@ impl secrecy::ExposeSecret<String> for ApiToken {
self.0.expose_secret()
}
}
impl Default for ApiToken {
fn default() -> Self {
Self("".to_string().into())
}
}

View file

@ -1,5 +1,5 @@
/// The name of a Branch
#[derive(Clone, Debug, Hash, PartialEq, Eq, derive_more::Display)]
#[derive(Clone, Default, Debug, Hash, PartialEq, Eq, derive_more::Display)]
pub struct BranchName(String);
impl BranchName {
pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,7 +1,7 @@
use crate::{ApiToken, ForgeConfig, ForgeName, ForgeType, Hostname, User};
/// The derived information about a Forge, used to create interactions with it
#[derive(Clone, Debug, derive_more::Constructor)]
#[derive(Clone, Default, Debug, derive_more::Constructor, derive_with::With)]
pub struct ForgeDetails {
forge_name: ForgeName,
forge_type: ForgeType,
@ -27,11 +27,6 @@ impl ForgeDetails {
pub const fn token(&self) -> &ApiToken {
&self.token
}
pub fn with_hostname(self, hostname: Hostname) -> Self {
let mut me = self;
me.hostname = hostname;
me
}
}
impl From<(&ForgeName, &ForgeConfig)> for ForgeDetails {
fn from(forge: (&ForgeName, &ForgeConfig)) -> Self {

View file

@ -1,7 +1,7 @@
use std::path::PathBuf;
/// The name of a Forge to connect to
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
#[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct ForgeName(String);
impl From<&ForgeName> for PathBuf {
fn from(value: &ForgeName) -> Self {

View file

@ -1,5 +1,5 @@
/// Identifier for the type of Forge
#[derive(Clone, Copy, Debug, PartialEq, Eq, serde::Deserialize)]
#[derive(Clone, Default, Copy, Debug, PartialEq, Eq, serde::Deserialize)]
pub enum ForgeType {
#[cfg(feature = "forgejo")]
ForgeJo,
@ -7,6 +7,7 @@ pub enum ForgeType {
// GitHub,
// GitLab,
// BitBucket,
#[default]
MockForge,
}
impl std::fmt::Display for ForgeType {

View file

@ -1,7 +1,15 @@
use std::path::PathBuf;
#[derive(
Debug, Clone, PartialEq, Eq, serde::Deserialize, derive_more::Deref, derive_more::From,
Clone,
Default,
Debug,
Hash,
PartialEq,
Eq,
serde::Deserialize,
derive_more::Deref,
derive_more::From,
)]
pub struct GitDir(PathBuf);
impl GitDir {

View file

@ -1,5 +1,5 @@
/// The hostname of a forge
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Display)]
#[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Display)]
pub struct Hostname(String);
impl Hostname {
pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,6 +1,6 @@
/// The alias of a repo
/// This is the alias for the repo within `git-next-server.toml`
#[derive(Clone, Debug, PartialEq, Eq, Hash, derive_more::Display)]
#[derive(Clone, Default, Debug, PartialEq, Eq, Hash, derive_more::Display)]
pub struct RepoAlias(String);
impl RepoAlias {
pub fn new(str: impl Into<String>) -> Self {

View file

@ -1,5 +1,5 @@
/// The path for the repo within the forge.
/// Typically this is composed of the user or organisation and the name of the repo
/// e.g. `{user}/{repo}`
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
#[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct RepoPath(String);

View file

@ -1,3 +1,3 @@
/// The user within the forge to connect as
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
#[derive(Clone, Default, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct User(String);

View file

@ -45,6 +45,7 @@ secrecy = { workspace = true }
# error handling
derive_more = { workspace = true }
derive-with = { workspace = true }
# # file watcher
# inotify = { workspace = true }
@ -54,9 +55,9 @@ derive_more = { workspace = true }
# actix-rt = { workspace = true }
# tokio = { workspace = true }
#
# [dev-dependencies]
# # Testing
# assert2 = { workspace = true }
[dev-dependencies]
# Testing
assert2 = { workspace = true }
[lints.clippy]
nursery = { level = "warn", priority = -1 }

View file

@ -6,7 +6,7 @@ use git_next_config::{
use super::{Generation, GitRemote};
/// The derived information about a repo, used to interact with it
#[derive(Clone, Debug, derive_more::Display)]
#[derive(Clone, Default, Debug, derive_more::Display, derive_with::With)]
#[display("gen-{}:{}:{}/{}:{}@{}/{}@{}", generation, forge.forge_type(),
forge.forge_name(), repo_alias, forge.user(), forge.hostname(), repo_path,
branch)]

View file

@ -1,17 +1,116 @@
use std::{
collections::HashMap,
sync::{Arc, Mutex},
};
use git_next_config::GitDir;
use crate::{
repository::{open::OpenRepository, Error, RepositoryLike},
RepoDetails,
repository::{
open::{OpenRepository, OpenRepositoryLike},
Direction, RepositoryLike, Result,
},
GitRemote, RepoDetails,
};
pub struct MockRepository;
impl RepositoryLike for MockRepository {
fn open(&self, _gitdir: &GitDir) -> Result<OpenRepository, Error> {
Ok(OpenRepository::Mock)
}
use super::Error;
fn git_clone(&self, _repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
Ok(OpenRepository::Mock)
#[derive(Debug, Default, Clone)]
pub struct MockRepository(Arc<Mutex<Reality>>);
impl MockRepository {
pub fn new() -> Self {
Self(Arc::new(Mutex::new(Reality::default())))
}
pub fn can_open_repo(&mut self, gitdir: &GitDir) -> Result<MockOpenRepository> {
self.0
.lock()
.map_err(|_| Error::MockLock)
.map(|mut r| r.can_open_repo(gitdir))
}
fn open_repository(
&self,
gitdir: &GitDir,
) -> std::result::Result<MockOpenRepository, crate::repository::Error> {
self.0.lock().map_err(|_| Error::MockLock).and_then(|r| {
r.open_repository(gitdir)
.ok_or_else(|| Error::Open(format!("mock - could not open: {}", gitdir)))
})
}
fn clone_repository(
&self,
) -> std::result::Result<MockOpenRepository, crate::repository::Error> {
todo!()
}
}
impl RepositoryLike for MockRepository {
fn open(
&self,
gitdir: &GitDir,
) -> std::result::Result<OpenRepository, crate::repository::Error> {
Ok(OpenRepository::Mock(self.open_repository(gitdir)?))
}
fn git_clone(
&self,
_repo_details: &RepoDetails,
) -> std::result::Result<OpenRepository, crate::repository::Error> {
Ok(OpenRepository::Mock(self.clone_repository()?))
}
}
#[derive(Debug, Default)]
pub struct Reality {
openable_repos: HashMap<GitDir, MockOpenRepository>,
}
impl Reality {
pub fn can_open_repo(&mut self, gitdir: &GitDir) -> MockOpenRepository {
let mor = self.openable_repos.get(gitdir);
match mor {
Some(mor) => mor.clone(),
None => {
let mor = MockOpenRepository::default();
self.openable_repos.insert(gitdir.clone(), mor.clone());
mor
}
}
}
pub fn open_repository(&self, gitdir: &GitDir) -> Option<MockOpenRepository> {
self.openable_repos.get(gitdir).cloned()
}
}
#[derive(Clone, Debug, Default)]
pub struct MockOpenRepository {
default_push_remote: Option<GitRemote>,
default_fetch_remote: Option<GitRemote>,
}
impl MockOpenRepository {
pub fn has_default_remote(&mut self, direction: Direction, git_remote: GitRemote) {
match direction {
Direction::Push => self.default_push_remote.replace(git_remote),
Direction::Fetch => self.default_fetch_remote.replace(git_remote),
};
}
}
impl OpenRepositoryLike for MockOpenRepository {
fn find_default_remote(&self, direction: Direction) -> Option<GitRemote> {
match direction {
Direction::Push => self.default_push_remote.clone(),
Direction::Fetch => self.default_fetch_remote.clone(),
}
}
fn fetch(&self) -> std::prelude::v1::Result<(), crate::fetch::Error> {
todo!()
}
fn push(
&self,
_repo_details: &RepoDetails,
_branch_name: git_next_config::BranchName,
_to_commit: crate::GitRef,
_force: crate::push::Force,
) -> std::prelude::v1::Result<(), crate::push::Error> {
todo!()
}
}

View file

@ -9,23 +9,26 @@ use git_next_config::GitDir;
pub use open::OpenRepository;
use crate::repository::mock::MockRepository;
use super::RepoDetails;
#[derive(Clone, Copy, Debug)]
#[derive(Clone, Debug)]
pub enum Repository {
Real,
Mock,
Mock(MockRepository),
}
pub const fn new() -> Repository {
Repository::Real
}
pub const fn mock() -> Repository {
Repository::Mock
pub fn mock() -> (Repository, MockRepository) {
let mock_repository = MockRepository::new();
(Repository::Mock(mock_repository.clone()), mock_repository)
}
pub trait RepositoryLike {
fn open(&self, gitdir: &GitDir) -> Result<OpenRepository, Error>;
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error>;
fn open(&self, gitdir: &GitDir) -> Result<OpenRepository>;
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository>;
}
impl std::ops::Deref for Repository {
type Target = dyn RepositoryLike;
@ -33,7 +36,7 @@ impl std::ops::Deref for Repository {
fn deref(&self) -> &Self::Target {
match self {
Self::Real => &real::RealRepository,
Self::Mock => &mock::MockRepository,
Self::Mock(mock_repository) => mock_repository,
}
}
}
@ -54,6 +57,8 @@ impl From<Direction> for gix::remote::Direction {
}
}
pub type Result<T> = core::result::Result<T, Error>;
#[derive(Debug, derive_more::Display)]
pub enum Error {
InvalidGitDir(git_next_config::GitDir),
@ -64,6 +69,7 @@ pub enum Error {
Clone(String),
Open(String),
Fetch(String),
MockLock,
}
impl std::error::Error for Error {}
impl From<gix::clone::Error> for Error {

View file

@ -7,19 +7,22 @@ use git_next_config::BranchName;
use crate::{
fetch, push,
repository::{open::oreal::RealOpenRepository, Direction},
repository::{mock::MockOpenRepository, open::oreal::RealOpenRepository, Direction},
GitRef, GitRemote, RepoDetails,
};
#[derive(Clone, Debug)]
pub enum OpenRepository {
Real(oreal::RealOpenRepository),
Mock, // TODO: (#38) contain a mock model of a repo
Mock(MockOpenRepository), // TODO: (#38) contain a mock model of a repo
}
impl OpenRepository {
pub fn new(gix_repo: gix::Repository) -> Self {
pub fn real(gix_repo: gix::Repository) -> Self {
Self::Real(RealOpenRepository::new(Arc::new(Mutex::new(gix_repo))))
}
pub const fn mock(mock: MockOpenRepository) -> Self {
Self::Mock(mock)
}
}
pub trait OpenRepositoryLike {
fn find_default_remote(&self, direction: Direction) -> Option<GitRemote>;
@ -38,7 +41,7 @@ impl std::ops::Deref for OpenRepository {
fn deref(&self) -> &Self::Target {
match self {
Self::Real(real) => real,
Self::Mock => todo!(),
Self::Mock(mock) => mock,
}
}
}

View file

@ -12,7 +12,7 @@ pub struct RealRepository;
impl RepositoryLike for RealRepository {
fn open(&self, gitdir: &GitDir) -> Result<OpenRepository, Error> {
let gix_repo = gix::ThreadSafeRepository::open(gitdir.to_path_buf())?.to_thread_local();
Ok(OpenRepository::new(gix_repo))
Ok(OpenRepository::real(gix_repo))
}
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
@ -23,6 +23,6 @@ impl RepositoryLike for RealRepository {
)?
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
Ok(OpenRepository::new(gix_repo))
Ok(OpenRepository::real(gix_repo))
}
}

View file

@ -160,3 +160,40 @@ mod repo_details {
);
}
}
mod repository {
use assert2::let_assert;
use git_next_config::{ForgeDetails, GitDir, Hostname, RepoPath};
use crate::{
repository::{self, Direction},
validate, GitRemote, RepoDetails,
};
#[test]
fn validate_should_ok_a_valid_repo() {
let forge_details =
ForgeDetails::default().with_hostname(Hostname::new("localhost".to_string()));
let repo_details = RepoDetails::default()
.with_forge(forge_details)
.with_repo_path(RepoPath::new("kemitix/test".to_string()));
let gitdir = GitDir::from("foo");
let remote = GitRemote::new(
Hostname::new("localhost"),
RepoPath::new("kemitix/test".to_string()),
);
let (repository, mut reality) = repository::mock();
let_assert!(
Ok(_) = reality.can_open_repo(&gitdir).map(|mut open_repo| {
open_repo.has_default_remote(Direction::Push, remote.clone());
open_repo.has_default_remote(Direction::Fetch, remote);
})
);
let_assert!(Ok(open_repository) = repository.open(&gitdir));
// FIXME: flaky test - failing 1 in 4 times - NoDefaultPushRemote
let_assert!(Ok(_) = validate(&open_repository, &repo_details));
}
// TODO: validate_should_fail_where_????
}

View file

@ -24,8 +24,9 @@ pub struct WebhookId(String);
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn from_str(authorisation: &str) -> Result<Self, DecodeError> {
let id = ulid::Ulid::from_str(authorisation);
Ok(Self(id?))
let id = ulid::Ulid::from_str(authorisation)?;
info!("Parse auth token: {}", id);
Ok(Self(id))
}
fn generate() -> Self {
@ -186,11 +187,7 @@ impl Handler<WebhookMessage> for RepoActor {
warn!("Don't know what authorization to expect");
return;
};
let Some(received_authorization) = &msg.authorisation() else {
warn!("Missing authorization token");
return;
};
if received_authorization != expected_authorization {
if msg.authorisation() != expected_authorization {
warn!(
"Invalid authorization - expected {}",
expected_authorization
@ -198,11 +195,11 @@ impl Handler<WebhookMessage> for RepoActor {
return;
}
let id = msg.id();
let span = tracing::info_span!("handle", %id);
let span = tracing::info_span!("handle", ?id);
let _guard = span.enter();
let body = msg.body();
match serde_json::from_str::<Push>(body) {
Err(err) => warn!(?err, %body, "Not a 'push'"),
match serde_json::from_str::<Push>(body.as_str()) {
Err(err) => warn!(?err, ?body, "Not a 'push'"),
Ok(push) => {
if let Some(config) = &self.details.repo_config {
match push.branch(config.branches()) {
@ -262,6 +259,10 @@ impl Handler<WebhookMessage> for RepoActor {
}
}
pub fn split_ref(reference: &str) -> (&str, &str) {
reference.split_at(11)
}
#[derive(Debug, serde::Deserialize)]
struct Push {
#[serde(rename = "ref")]
@ -298,12 +299,8 @@ impl Push {
}
}
pub fn split_ref(reference: &str) -> (&str, &str) {
reference.split_at(11)
}
#[derive(Debug)]
enum Branch {
pub enum Branch {
Main,
Next,
Dev,

View file

@ -177,7 +177,7 @@ impl Server {
let server_storage = server_storage.clone();
let webhook = webhook.clone();
let net = self.net.clone();
let repo = self.repo;
let repo = self.repo.clone();
let generation = self.generation;
move |(repo_alias, server_repo_config)| {
let span = tracing::info_span!("create_actor", alias = %repo_alias, config = %server_repo_config);
@ -205,8 +205,13 @@ impl Server {
gitdir,
);
info!("Starting Repo Actor");
let actor =
RepoActor::new(repo_details, webhook.clone(), generation, net.clone(), repo);
let actor = RepoActor::new(
repo_details,
webhook.clone(),
generation,
net.clone(),
repo.clone(),
);
(forge_name.clone(), repo_alias, actor)
}
}

View file

@ -1,27 +1,41 @@
//
use actix::prelude::*;
use git_next_config::RepoAlias;
use ulid::Ulid;
use crate::actors::repo::webhook::WebhookAuth;
#[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")]
pub struct WebhookMessage {
id: String,
path: String,
authorisation: String,
body: String,
id: Id,
// forge // TODO: differentiate between multiple forges
repo_alias: RepoAlias,
authorisation: WebhookAuth,
body: Body,
}
impl WebhookMessage {
pub const fn id(&self) -> &String {
pub const fn id(&self) -> &Id {
&self.id
}
pub const fn path(&self) -> &String {
&self.path
pub const fn repo_alias(&self) -> &RepoAlias {
&self.repo_alias
}
pub const fn body(&self) -> &String {
pub const fn body(&self) -> &Body {
&self.body
}
pub fn authorisation(&self) -> Option<WebhookAuth> {
WebhookAuth::from_str(&self.authorisation).ok()
pub const fn authorisation(&self) -> &WebhookAuth {
&self.authorisation
}
}
#[derive(Clone, Copy, Debug, derive_more::Constructor)]
pub struct Id(Ulid);
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
}
}

View file

@ -28,9 +28,9 @@ impl Handler<WebhookMessage> for WebhookRouter {
fn handle(&mut self, msg: WebhookMessage, _ctx: &mut Self::Context) -> Self::Result {
let _gaurd = self.span.enter();
let repo_alias = RepoAlias::new(msg.path());
let repo_alias = msg.repo_alias();
debug!(repo = %repo_alias, "Router...");
if let Some(recipient) = self.repos.get(&repo_alias) {
if let Some(recipient) = self.repos.get(repo_alias) {
info!(repo = %repo_alias, "Sending to Recipient");
recipient.do_send(msg);
}

View file

@ -2,13 +2,18 @@ use std::net::SocketAddr;
use actix::prelude::*;
use git_next_config::RepoAlias;
use tracing::{info, warn};
use ulid::Ulid;
use warp::reject::Rejection;
use crate::actors::webhook::message::WebhookMessage;
use crate::actors::{repo::webhook::WebhookAuth, webhook::message::WebhookMessage};
use super::message;
pub async fn start(
socket_addr: SocketAddr,
address: actix::prelude::Recipient<super::message::WebhookMessage>,
address: actix::prelude::Recipient<message::WebhookMessage>,
) {
// start webhook server
use warp::Filter;
@ -21,45 +26,38 @@ pub async fn start(
.and(warp::body::bytes())
.and_then(
|recipient: Recipient<WebhookMessage>,
path,
path: String,
// query: String,
headers: warp::http::HeaderMap,
body: bytes::Bytes| async move {
info!("POST received");
let repo_alias = RepoAlias::new(path);
let bytes = body.to_vec();
let request_data = String::from_utf8_lossy(&bytes).to_string();
let id = ulid::Ulid::new().to_string();
let body = message::Body::new(String::from_utf8_lossy(&bytes).to_string());
let id = message::Id::new(Ulid::new());
match headers.get("Authorization") {
Some(auhorisation) => {
info!(id, path, "Received webhook");
let authorisation = auhorisation
.to_str()
.map_err(|e| {
warn!("Invalid value in authorization: {:?}", e);
warp::reject()
})? // valid characters
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})? // must start with "Basic "
.to_string();
let message = WebhookMessage::new(
id,
path,
/* query, headers, */ request_data,
authorisation,
);
recipient
.try_send(message)
.map(|_| {
info!("Message sent ok");
warp::reply::with_status("OK", warp::http::StatusCode::OK)
})
.map_err(|e| {
warn!("Unknown error: {:?}", e);
warp::reject()
})
Some(authorisation_header) => {
info!(?id, ?repo_alias, ?authorisation_header, "Received webhook",);
match parse_auth(authorisation_header) {
Ok(authorisation) => {
let message =
WebhookMessage::new(id, repo_alias, authorisation, body);
recipient
.try_send(message)
.map(|_| {
info!("Message sent ok");
warp::reply::with_status("OK", warp::http::StatusCode::OK)
})
.map_err(|e| {
warn!("Unknown error: {:?}", e);
warp::reject()
})
}
Err(e) => {
warn!(?e, "Failed to decode authorization header");
Err(warp::reject())
}
}
}
_ => {
warn!("No Authorization header");
@ -73,3 +71,27 @@ pub async fn start(
info!("Starting webhook server: {}", socket_addr);
warp::serve(route).run(socket_addr).await;
}
fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
WebhookAuth::from_str(
authorization_header
.to_str()
.map_err(|e| {
warn!("Invalid non-ascii value in authorization: {:?}", e);
warp::reject()
}) // valid characters
.map(|v| {
info!("raw auth header: {}", v);
v
})?
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})?, // must start with "Basic "
)
.map_err(|e| {
warn!(?e, "decode error");
warp::reject()
})
}

View file

@ -13,7 +13,7 @@ fn test_name() {
panic!("fs")
};
let net = Network::new_mock();
let repo = git::repository::mock();
let (repo, _reality) = git::repository::mock();
let repo_details = common::repo_details(
1,
Generation::new(),
@ -40,7 +40,7 @@ async fn test_branches_get() {
let body = include_str!("./data-forgejo-branches-get.json");
net.add_get_response(&url, StatusCode::OK, body);
let net = Network::from(net);
let repo = git::repository::mock();
let (repo, _reality) = git::repository::mock();
let repo_details = common::repo_details(
1,