Mercurial > prosody-modules
annotate mod_pubsub_github/mod_pubsub_github.lua @ 3523:68beaf7fd7d6
luacheckrc: Copy line length setting from prosody
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 31 Mar 2019 18:31:10 +0200 |
parents | c2e038e573be |
children | 8c1a3b989990 |
rev | line source |
---|---|
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 module:depends("http"); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local st = require "util.stanza"; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local json = require "util.json"; |
3520
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
5 local hashes = require "util.hashes"; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
6 local from_hex = require "util.hex".from; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
7 local hmacs = { |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
8 sha1 = hashes.hmac_sha1; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
9 sha256 = hashes.hmac_sha256; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
10 sha384 = hashes.hmac_sha384; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
11 sha512 = hashes.hmac_sha512; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
12 }; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local pubsub_service = module:depends("pubsub").service; |
3521
a200fbce0ecb
mod_pubsub_github: Add some spacing to improve readability
Kim Alvefur <zash@zash.se>
parents:
3520
diff
changeset
|
15 |
a200fbce0ecb
mod_pubsub_github: Add some spacing to improve readability
Kim Alvefur <zash@zash.se>
parents:
3520
diff
changeset
|
16 -- configuration |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
17 local default_node = module:get_option("github_node", "github"); |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
18 local node_prefix = module:get_option_string("github_node_prefix", "github/"); |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
19 local node_mapping = module:get_option_string("github_node_mapping"); |
3514
8811b7dbe6e2
mod_pubsub_github: Add support for specifying an actor with less privileges
Kim Alvefur <zash@zash.se>
parents:
3513
diff
changeset
|
20 local github_actor = module:get_option_string("github_actor") or true; |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
21 local secret = module:get_option("github_secret"); |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
3521
a200fbce0ecb
mod_pubsub_github: Add some spacing to improve readability
Kim Alvefur <zash@zash.se>
parents:
3520
diff
changeset
|
23 -- validation |
3515
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
24 assert(secret, "Please set 'github_secret'"); |
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
25 |
3509
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
26 local error_mapping = { |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
27 ["forbidden"] = 403; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
28 ["item-not-found"] = 404; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
29 ["internal-server-error"] = 500; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
30 ["conflict"] = 409; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
31 }; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
32 |
3520
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
33 local function verify_signature(secret, body, signature) |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
34 if not signature then return false; end |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
35 local algo, digest = signature:match("^([^=]+)=(%x+)"); |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
36 if not algo then return false; end |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
37 local hmac = hmacs[algo]; |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
38 if not algo then return false; end |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
39 return hmac(secret, body) == from_hex(digest); |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
40 end |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
41 |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 function handle_POST(event) |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
43 local request, response = event.request, event.response; |
3520
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
44 |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
45 if not verify_signature(secret, request.body, request.headers.x_hub_signature) then |
37e89a76c7d7
mod_pubsub_github: Lift signature validation from mod_pubsub_post
Kim Alvefur <zash@zash.se>
parents:
3519
diff
changeset
|
46 module:log("debug", "Signature validation failed"); |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
47 return 401; |
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
48 end |
3521
a200fbce0ecb
mod_pubsub_github: Add some spacing to improve readability
Kim Alvefur <zash@zash.se>
parents:
3520
diff
changeset
|
49 |
3263
a65f4297264b
mod_pubsub_github: Unpack request from event
Kim Alvefur <zash@zash.se>
parents:
1620
diff
changeset
|
50 local data = json.decode(request.body); |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 if not data then |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
52 response.status_code = 400; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 return "Invalid JSON. From you of all people..."; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
860
diff
changeset
|
55 |
3513
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
56 local github_event = request.headers.x_github_event |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
57 if github_event == "push" then |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
58 module:log("debug", "Handling 'push' event: \n%s\n", tostring(request.body)); |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
59 elseif github_event then |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
60 module:log("debug", "Unsupported Github event %q", github_event); |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
61 return 501; |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
62 end -- else .. is this even github? |
3510
f09423c29f31
mod_pubsub_github: Log debug message before attempting to publish
Kim Alvefur <zash@zash.se>
parents:
3509
diff
changeset
|
63 |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
64 local node = default_node; |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
65 if node_mapping then |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
66 node = node_prefix .. data.repository[node_mapping]; |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
67 end |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
68 |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 for _, commit in ipairs(data.commits) do |
3516
d94875c3ddda
mod_pubsub_github: Publish with item id set to commit hash (BC)
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
70 local ok, err = pubsub_service:publish(node, github_actor, commit.id, |
d94875c3ddda
mod_pubsub_github: Publish with item id set to commit hash (BC)
Kim Alvefur <zash@zash.se>
parents:
3515
diff
changeset
|
71 st.stanza("item", { id = commit.id, xmlns = "http://jabber.org/protocol/pubsub" }) |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 :tag("entry", { xmlns = "http://www.w3.org/2005/Atom" }) |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 :tag("id"):text(commit.id):up() |
3519
ac623080324a
mod_pubsub_github: Only put first line of commit message in title, rest in content
Kim Alvefur <zash@zash.se>
parents:
3518
diff
changeset
|
74 :tag("title"):text(commit.message:match("^[^\r\n]*")):up() |
3522
c2e038e573be
mod_pubsub_github: Include a summary field in payload
Kim Alvefur <zash@zash.se>
parents:
3521
diff
changeset
|
75 :tag("summary"):text(("Commit to %s by %s: %s"):format(data.repository.name, commit.author.name, commit.message:match("^[^\r\n]*"))):up() |
3519
ac623080324a
mod_pubsub_github: Only put first line of commit message in title, rest in content
Kim Alvefur <zash@zash.se>
parents:
3518
diff
changeset
|
76 :tag("content"):text(commit.message):up() |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 :tag("link", { rel = "alternate", href = commit.url }):up() |
3518
95c1c3e057cf
mod_pubsub_github: Fix publish date
Kim Alvefur <zash@zash.se>
parents:
3517
diff
changeset
|
78 :tag("published"):text(commit.author.date):up() |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 :tag("author") |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 :tag("name"):text(commit.author.name):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 :tag("email"):text(commit.author.email):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 :up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 ); |
3509
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
84 if not ok then |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
85 return error_mapping[err] or 500; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
86 end |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
860
diff
changeset
|
88 |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
89 response.status_code = 202; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 return "Thank you Github!"; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 module:provides("http", { |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 route = { |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 POST = handle_POST; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 }; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 }); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 |
3517
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
99 if not node_mapping then |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
100 function module.load() |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
101 if not pubsub_service.nodes[default_node] then |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
102 local ok, err = pubsub_service:create(default_node, true); |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
103 if not ok then |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
104 module:log("error", "Error creating node: %s", err); |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
105 else |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
106 module:log("debug", "Node %q created", default_node); |
ea1edd7cfb01
mod_pubsub_github: Add support for publishing to multiple node based on repository
Kim Alvefur <zash@zash.se>
parents:
3516
diff
changeset
|
107 end |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 end |