prosody-modules: mod_pubsub_github/mod_pubsub

annotate mod_pubsub_github/mod_pubsub_github.lua @ 3503:882180b459a0

mod_pubsub_post: Restructure authentication and authorization (BC) This deprecates the default "superuser" actor model and makes the default equivalent to the previous "request.id". A single actor and secret per node is supported because HTTP and WebHooks don't normally include any authorization identity. Allowing authentication bypass when no secret is given should be relatively safe when the actor is unprivileged, as will be unless explicitly configured otherwise.

author	Kim Alvefur <zash@zash.se>
date	Sat, 30 Mar 2019 21:16:13 +0100
parents	d4207ab8ccc1
children	a98a3922bc01

rev	line source
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 module:depends("http");
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 local st = require "util.stanza";
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 local json = require "util.json";
3264 f48bedd1d433 mod_pubsub_github: Add support for signed requests Kim Alvefur <zash@zash.se> parents: 3263 diff changeset	5 local hmac_sha1 = require "util.hashes".hmac_sha1;
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	6
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 local pubsub_service = module:depends("pubsub").service;
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	8 local node = module:get_option("github_node", "github");
3264 f48bedd1d433 mod_pubsub_github: Add support for signed requests Kim Alvefur <zash@zash.se> parents: 3263 diff changeset	9 local secret = module:get_option("github_secret");
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 function handle_POST(event)
3263 a65f4297264b mod_pubsub_github: Unpack request from event Kim Alvefur <zash@zash.se> parents: 1620 diff changeset	12 local request = event.request;
3264 f48bedd1d433 mod_pubsub_github: Add support for signed requests Kim Alvefur <zash@zash.se> parents: 3263 diff changeset	13 if secret and ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then
f48bedd1d433 mod_pubsub_github: Add support for signed requests Kim Alvefur <zash@zash.se> parents: 3263 diff changeset	14 return 401;
f48bedd1d433 mod_pubsub_github: Add support for signed requests Kim Alvefur <zash@zash.se> parents: 3263 diff changeset	15 end
3263 a65f4297264b mod_pubsub_github: Unpack request from event Kim Alvefur <zash@zash.se> parents: 1620 diff changeset	16 local data = json.decode(request.body);
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 if not data then
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 return "Invalid JSON. From you of all people...";
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 860 diff changeset	20
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 for _, commit in ipairs(data.commits) do
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	22 local ok, err = pubsub_service:publish(node, true, data.repository.name,
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 st.stanza("item", { id = data.repository.name, xmlns = "http://jabber.org/protocol/pubsub" })
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 :tag("entry", { xmlns = "http://www.w3.org/2005/Atom" })
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 :tag("id"):text(commit.id):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 :tag("title"):text(commit.message):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	27 :tag("link", { rel = "alternate", href = commit.url }):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	28 :tag("published"):text(commit.timestamp):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	29 :tag("author")
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	30 :tag("name"):text(commit.author.name):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	31 :tag("email"):text(commit.author.email):up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	32 :up()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	33 );
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 860 diff changeset	35
3263 a65f4297264b mod_pubsub_github: Unpack request from event Kim Alvefur <zash@zash.se> parents: 1620 diff changeset	36 module:log("debug", "Handled POST: \n%s\n", tostring(request.body));
860 1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	37 return "Thank you Github!";
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	38 end
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	39
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	40 module:provides("http", {
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	41 route = {
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	42 POST = handle_POST;
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	43 };
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	44 });
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	45
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	46 function module.load()
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	47 if not pubsub_service.nodes[node] then
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	48 local ok, err = pubsub_service:create(node, true);
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	49 if not ok then
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	50 module:log("error", "Error creating node: %s", err);
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	51 else
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	52 module:log("debug", "Node %q created", node);
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	53 end
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	54 end
1c886affb375 mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node Matthew Wild <mwild1@gmail.com> parents: diff changeset	55 end

Mercurial > prosody-modules

annotate mod_pubsub_github/mod_pubsub_github.lua @ 3503:882180b459a0