|
@@ -1,11 +1,13 @@
|
1
|
1
|
import hashlib
|
|
2
|
+import re
|
2
|
3
|
import socket
|
|
4
|
+from functools import wraps
|
3
|
5
|
|
4
|
6
|
import jenkins
|
5
|
7
|
import requests
|
6
|
8
|
import os
|
7
|
9
|
from bs4 import BeautifulSoup
|
8
|
|
-from flask import Flask, abort, request
|
|
10
|
+from flask import Flask, abort, request, Response
|
9
|
11
|
|
10
|
12
|
BASE_URL = os.environ["LAS_BASE_URL"]
|
11
|
13
|
SECRET = os.environ["LAS_SECRET"]
|
|
@@ -26,6 +28,29 @@ def get_hook_url(service, identifier):
|
26
|
28
|
return f"{BASE_URL}hooks/{service}/{identifier}/{get_hook_key(service, identifier)}"
|
27
|
29
|
|
28
|
30
|
|
|
31
|
+def authenticate(f):
|
|
32
|
+ @wraps(f)
|
|
33
|
+ def wrapper(*args, **kwargs):
|
|
34
|
+ match = re.match(
|
|
35
|
+ "^/hooks/(?P<service>[^/]+)/(?P<identifier>.*)/(?P<key>[^/]+)$",
|
|
36
|
+ request.path,
|
|
37
|
+ )
|
|
38
|
+
|
|
39
|
+ if not match:
|
|
40
|
+ return Response("Bad request", 400)
|
|
41
|
+
|
|
42
|
+ expected_key = get_hook_key(match.group("service"), match.group("identifier"))
|
|
43
|
+ if expected_key != match.group("key"):
|
|
44
|
+ app.logger.info(
|
|
45
|
+ f"Bad request to {request.path}: expected key {expected_key}"
|
|
46
|
+ )
|
|
47
|
+ return Response("Invalid key", 403)
|
|
48
|
+
|
|
49
|
+ return f(*args, **kwargs)
|
|
50
|
+
|
|
51
|
+ return wrapper
|
|
52
|
+
|
|
53
|
+
|
29
|
54
|
def get_jenkins_jobs():
|
30
|
55
|
for job in jenkins_server.get_all_jobs():
|
31
|
56
|
config = BeautifulSoup(
|
|
@@ -101,12 +126,9 @@ def handle_index():
|
101
|
126
|
|
102
|
127
|
|
103
|
128
|
@app.route("/hooks/gitea/<path:repo>/<hash>", methods=["POST"])
|
104
|
|
-def handle_hook_gitea(repo, hash):
|
105
|
|
- app.logger.info(f"Received hook for repo {repo} with has {hash}")
|
106
|
|
- expected_hash = get_hook_key("gitea", repo)
|
107
|
|
- if hash != expected_hash:
|
108
|
|
- app.logger.info(f"Hash mismatch: expected {expected_hash}")
|
109
|
|
- abort(403)
|
|
129
|
+@authenticate
|
|
130
|
+def handle_hook_gitea(repo):
|
|
131
|
+ app.logger.info(f"Received hook for repo {repo}")
|
110
|
132
|
|
111
|
133
|
if repo not in repos:
|
112
|
134
|
app.logger.info(f"Repository not found. Known repos: {repos.keys()}")
|
|
@@ -139,12 +161,8 @@ def handle_hook_gitea(repo, hash):
|
139
|
161
|
|
140
|
162
|
|
141
|
163
|
@app.route("/hooks/docker/registry/<hash>", methods=["GET", "POST"])
|
142
|
|
-def handle_docker_registry(hash):
|
143
|
|
- expected_hash = get_hook_key("docker", "registry")
|
144
|
|
- if hash != expected_hash:
|
145
|
|
- app.logger.info(f"Hash mismatch: expected {expected_hash}")
|
146
|
|
- abort(403)
|
147
|
|
-
|
|
164
|
+@authenticate
|
|
165
|
+def handle_docker_registry():
|
148
|
166
|
for event in request.get_json()["events"]:
|
149
|
167
|
if (
|
150
|
168
|
event["action"] == "push"
|