Mercurial > prosody-modules
annotate mod_pubsub_github/mod_pubsub_github.lua @ 3515:f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 31 Mar 2019 18:04:11 +0200 |
parents | 8811b7dbe6e2 |
children | d94875c3ddda |
rev | line source |
---|---|
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 module:depends("http"); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local st = require "util.stanza"; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local json = require "util.json"; |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
5 local hmac_sha1 = require "util.hashes".hmac_sha1; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local pubsub_service = module:depends("pubsub").service; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local node = module:get_option("github_node", "github"); |
3514
8811b7dbe6e2
mod_pubsub_github: Add support for specifying an actor with less privileges
Kim Alvefur <zash@zash.se>
parents:
3513
diff
changeset
|
9 local github_actor = module:get_option_string("github_actor") or true; |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
10 local secret = module:get_option("github_secret"); |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
3515
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
12 assert(secret, "Please set 'github_secret'"); |
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
13 |
3509
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
14 local error_mapping = { |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
15 ["forbidden"] = 403; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
16 ["item-not-found"] = 404; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
17 ["internal-server-error"] = 500; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
18 ["conflict"] = 409; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
19 }; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
20 |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 function handle_POST(event) |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
22 local request, response = event.request, event.response; |
3515
f756e051fa02
mod_pubsub_github: Require a secret to be set (BC)
Kim Alvefur <zash@zash.se>
parents:
3514
diff
changeset
|
23 if ("sha1=" .. hmac_sha1(secret, request.body, true)) ~= request.headers.x_hub_signature then |
3264
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
24 return 401; |
f48bedd1d433
mod_pubsub_github: Add support for signed requests
Kim Alvefur <zash@zash.se>
parents:
3263
diff
changeset
|
25 end |
3263
a65f4297264b
mod_pubsub_github: Unpack request from event
Kim Alvefur <zash@zash.se>
parents:
1620
diff
changeset
|
26 local data = json.decode(request.body); |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 if not data then |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
28 response.status_code = 400; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 return "Invalid JSON. From you of all people..."; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
860
diff
changeset
|
31 |
3513
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
32 local github_event = request.headers.x_github_event |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
33 if github_event == "push" then |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
34 module:log("debug", "Handling 'push' event: \n%s\n", tostring(request.body)); |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
35 elseif github_event then |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
36 module:log("debug", "Unsupported Github event %q", github_event); |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
37 return 501; |
9556e92b2ec4
mod_pubsub_github: Abort on unknown github events
Kim Alvefur <zash@zash.se>
parents:
3510
diff
changeset
|
38 end -- else .. is this even github? |
3510
f09423c29f31
mod_pubsub_github: Log debug message before attempting to publish
Kim Alvefur <zash@zash.se>
parents:
3509
diff
changeset
|
39 |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 for _, commit in ipairs(data.commits) do |
3514
8811b7dbe6e2
mod_pubsub_github: Add support for specifying an actor with less privileges
Kim Alvefur <zash@zash.se>
parents:
3513
diff
changeset
|
41 local ok, err = pubsub_service:publish(node, github_actor, data.repository.name, |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 st.stanza("item", { id = data.repository.name, xmlns = "http://jabber.org/protocol/pubsub" }) |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 :tag("entry", { xmlns = "http://www.w3.org/2005/Atom" }) |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 :tag("id"):text(commit.id):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 :tag("title"):text(commit.message):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 :tag("link", { rel = "alternate", href = commit.url }):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 :tag("published"):text(commit.timestamp):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 :tag("author") |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 :tag("name"):text(commit.author.name):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 :tag("email"):text(commit.author.email):up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 :up() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 ); |
3509
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
53 if not ok then |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
54 return error_mapping[err] or 500; |
94414cadfcaa
mod_pubsub_github: Return appropriate status code on failure to publish
Kim Alvefur <zash@zash.se>
parents:
3508
diff
changeset
|
55 end |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
860
diff
changeset
|
57 |
3508
a98a3922bc01
mod_pubsub_github: Send sensible status codes
Kim Alvefur <zash@zash.se>
parents:
3265
diff
changeset
|
58 response.status_code = 202; |
860
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 return "Thank you Github!"; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 module:provides("http", { |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 route = { |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 POST = handle_POST; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 }; |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 }); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 function module.load() |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 if not pubsub_service.nodes[node] then |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 local ok, err = pubsub_service:create(node, true); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 if not ok then |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 module:log("error", "Error creating node: %s", err); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 else |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 module:log("debug", "Node %q created", node); |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end |
1c886affb375
mod_pubsub_github: Receive Github web hooks (generated on pushes to a repository) and forward to a local pubsub node
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 end |