Mercurial > prosody-modules
annotate mod_pubsub_github/README.markdown @ 5682:527c747711f3
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 29 Oct 2023 11:30:49 +0100 |
parents | 1fcf3cb7bb50 |
children |
rev | line source |
---|---|
1803 | 1 --- |
3511
b583cce491de
mod_pubsub_github/README: Fix 'labels' metafield to be a list
Kim Alvefur <zash@zash.se>
parents:
3264
diff
changeset
|
2 labels: |
b583cce491de
mod_pubsub_github/README: Fix 'labels' metafield to be a list
Kim Alvefur <zash@zash.se>
parents:
3264
diff
changeset
|
3 - 'Stage-Beta' |
1803 | 4 summary: Publish Github commits over pubsub |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
5 --- |
1803 | 6 |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
7 ## Introduction |
1803 | 8 |
9 This module accepts Github web hooks and publishes them to a local | |
10 pubsub component for XMPP clients to subscribe to. | |
11 | |
12 Entries are pushed as Atom payloads. | |
13 | |
3258
85e3117b2b60
mod_pubsub_github/README: Note that it might work with Gitlab as well
Kim Alvefur <zash@zash.se>
parents:
1803
diff
changeset
|
14 It may also work with Gitlab. |
85e3117b2b60
mod_pubsub_github/README: Note that it might work with Gitlab as well
Kim Alvefur <zash@zash.se>
parents:
1803
diff
changeset
|
15 |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
16 ## Configuration |
1803 | 17 |
18 Load the module on a pubsub component: | |
19 | |
3528
1fcf3cb7bb50
mod_pubsub_github/README: Specify language of code block for pretty syntax highlighting
Kim Alvefur <zash@zash.se>
parents:
3527
diff
changeset
|
20 ``` {.lua} |
1fcf3cb7bb50
mod_pubsub_github/README: Specify language of code block for pretty syntax highlighting
Kim Alvefur <zash@zash.se>
parents:
3527
diff
changeset
|
21 Component "pubsub.example.com" "pubsub" |
1fcf3cb7bb50
mod_pubsub_github/README: Specify language of code block for pretty syntax highlighting
Kim Alvefur <zash@zash.se>
parents:
3527
diff
changeset
|
22 modules_enabled = { "pubsub_github" } |
1fcf3cb7bb50
mod_pubsub_github/README: Specify language of code block for pretty syntax highlighting
Kim Alvefur <zash@zash.se>
parents:
3527
diff
changeset
|
23 github_secret = "NP7bZooYSLKze96TQMpFW5ov" |
1fcf3cb7bb50
mod_pubsub_github/README: Specify language of code block for pretty syntax highlighting
Kim Alvefur <zash@zash.se>
parents:
3527
diff
changeset
|
24 ``` |
1803 | 25 |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
26 The URL for Github to post to would be either: |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
27 |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
28 - `http://pubsub.example.com:5280/pubsub_github` |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
29 - `https://pubsub.example.com:5281/pubsub_github` |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
30 |
1803 | 31 The module also takes the following config options: |
32 | |
3512
5fb14ae57b4c
mod_pubsub_github/README: Mark up options as code snippets
Kim Alvefur <zash@zash.se>
parents:
3511
diff
changeset
|
33 Name Default Description |
5fb14ae57b4c
mod_pubsub_github/README: Mark up options as code snippets
Kim Alvefur <zash@zash.se>
parents:
3511
diff
changeset
|
34 ----------------------- ------------------- ------------------------------------------------------------ |
5fb14ae57b4c
mod_pubsub_github/README: Mark up options as code snippets
Kim Alvefur <zash@zash.se>
parents:
3511
diff
changeset
|
35 `github_node` `"github"`{.lua} The pubsub node to publish commits on. |
3515
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
36 `github_secret` **Required** Shared secret used to sign HTTP requests. |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
37 `github_node_prefix` `"github/"`{.lua} |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
38 `github_node_mapping` *not set* Field in repository object to use as node instead of `github_node` |
3514
8811b7dbe6e2
mod_pubsub_github: Add support for specifying an actor with less privileges
Kim Alvefur <zash@zash.se>
parents:
3512
diff
changeset
|
39 `github_actor` *superuser* Which actor to do the publish as (used for access control) |
1803 | 40 |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
41 More advanced example |
1803 | 42 |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
43 ``` {.lua} |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
44 Component "pubsub.example.com" "pubsub" |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
45 modules_enabled = { "pubsub_github" } |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
46 github_actor = "github.com" |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
47 github_node_mapping = "name" --> github_node_prefix .. "repo" |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
48 -- github_node_mapping = "full_name" --> github_node_prefix .. "owner/repo" |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
49 github_secret = "sekr1t" |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
50 ``` |
1803 | 51 |
52 If your HTTP host doesn't match the pubsub component's address, you will | |
53 need to inform Prosody. For more info see Prosody's [HTTP server | |
54 documentation](https://prosody.im/doc/http#virtual_hosts). | |
55 | |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
56 ## Compatibility |
1803 | 57 |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
58 ------ ------------- |
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
59 0.10 Should work |
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
60 0.9 Works |
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3258
diff
changeset
|
61 ------ ------------- |