view mod_pubsub_github/README.markdown @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to client's own tokens in strict mode

RFC 7009 section 2.1 states:

> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.

The first part was already covered (in strict mode). This adds the latter
part using the hash of client_id recorded in 0860497152af

It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.

author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 1fcf3cb7bb50

---
labels:
- 'Stage-Beta'
summary: Publish Github commits over pubsub
---

## Introduction

This module accepts GitHub webhooks and publishes them to a local
pubsub component for XMPP clients to subscribe to.

Entries are pushed as Atom payloads.

It may also work with GitLab.

## Configuration

Load the module on a pubsub component:

``` {.lua}
Component "pubsub.example.com" "pubsub"
    modules_enabled = { "pubsub_github" }
    github_secret = "NP7bZooYSLKze96TQMpFW5ov"
```

The URL for GitHub to post to would be either:

-   `http://pubsub.example.com:5280/pubsub_github`
-   `https://pubsub.example.com:5281/pubsub_github`

The module also takes the following config options:

  Name                    Default             Description
  ----------------------- ------------------- ------------------------------------------------------------
  `github_node`           `"github"`{.lua}    The pubsub node to publish commits on.
  `github_secret`         **Required**        Shared secret used to sign HTTP requests.
  `github_node_prefix`    `"github/"`{.lua}
  `github_node_mapping`   *not set*           Field in repository object to use as node instead of `github_node`
  `github_actor`          *superuser*         Which actor to do the publish as (used for access control)

A more advanced example:

``` {.lua}
Component "pubsub.example.com" "pubsub"
    modules_enabled = { "pubsub_github" }
    github_actor = "github.com"
    github_node_mapping = "name" --> github_node_prefix .. "repo"
    -- github_node_mapping = "full_name" --> github_node_prefix .. "owner/repo"
    github_secret = "sekr1t"
```

If your HTTP host doesn't match the pubsub component's address, you will
need to inform Prosody. For more info see Prosody's [HTTP server
documentation](https://prosody.im/doc/http#virtual_hosts).
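
How a webhook receiver can check the signature GitHub computes with the shared `github_secret`, as an added example in Python (not the module's own Lua code). It follows GitHub's documented scheme, `sha256=<hex HMAC>` in `X-Hub-Signature-256` and the legacy `sha1=` form in `X-Hub-Signature`; which header this module reads is not stated here, and the payload is constructed sample data.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values; the secret is the one from the config example above.
SECRET = b"NP7bZooYSLKze96TQMpFW5ov"
BODY = b'{"ref":"refs/heads/main","repository":{"name":"repo"}}'


def sign(secret: bytes, body: bytes, algo: str = "sha256") -> str:
    """Return the signature header value for the raw request body."""
    digest = hmac.new(secret, body, getattr(hashlib, algo)).hexdigest()
    return f"{algo}={digest}"


def verify(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Check a signature header against the raw request body."""
    if not header or "=" not in header:
        return False  # unsigned request: reject instead of publishing it
    algo = header.partition("=")[0]
    if algo not in ("sha1", "sha256"):
        return False  # accept only the two schemes GitHub documents
    # Constant-time comparison does not leak how many characters matched.
    return hmac.compare_digest(sign(secret, body, algo).encode(), header.encode())


def demo() -> dict:
    good = sign(SECRET, BODY)
    # Parsing and re-serializing changes whitespace, so the bytes no longer match.
    reserialized = json.dumps(json.loads(BODY)).encode()
    return {
        "valid": verify(SECRET, BODY, good),
        "legacy_sha1": verify(SECRET, BODY, sign(SECRET, BODY, "sha1")),
        "tampered_body": verify(SECRET, BODY.replace(b"main", b"evil"), good),
        "reserialized": verify(SECRET, reserialized, good),
        "wrong_secret": verify(b"sekr1t", BODY, good),
        "missing_header": verify(SECRET, BODY, None),
        "unknown_algo": verify(SECRET, BODY, "md5=" + "0" * 32),
    }


if __name__ == "__main__":
    print(demo())
```

The signature covers the exact bytes of the request body, so a receiver has to verify before parsing the JSON, and a proxy that rewrites the body in transit will make every delivery fail the check.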

## Compatibility

  ------ -------------
  0.10   Should work
  0.9    Works
  ------ -------------