public
/
lineandsinker
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Add decorator for authenticating requests.

master
Chris Smith 6 years ago
parent
ade63668ad
commit
f73fd65be6
1 changed files with 31 additions and 13 deletions
Split View Show Diff Stats
  1. 31
    13
      main.py

+ 31
- 13
main.py View File 

@@ -1,11 +1,13 @@
1 1 
 import hashlib
2 
+import re
2 3 
 import socket
4 
+from functools import wraps
3 5
4 6 
 import jenkins
5 7 
 import requests
6 8 
 import os
7 9 
 from bs4 import BeautifulSoup
8 
-from flask import Flask, abort, request
10 
+from flask import Flask, abort, request, Response
9 11
10 12 
 BASE_URL = os.environ["LAS_BASE_URL"]
11 13 
 SECRET = os.environ["LAS_SECRET"]
 
@@ -26,6 +28,29 @@ def get_hook_url(service, identifier):
26 28 
     return f"{BASE_URL}hooks/{service}/{identifier}/{get_hook_key(service, identifier)}"
27 29
28 30
31 
+def authenticate(f):
32 
+    @wraps(f)
33 
+    def wrapper(*args, **kwargs):
34 
+        match = re.match(
35 
+            "^/hooks/(?P<service>[^/]+)/(?P<identifier>.*)/(?P<key>[^/]+)$",
36 
+            request.path,
37 
+        )
38 
+
39 
+        if not match:
40 
+            return Response("Bad request", 400)
41 
+
42 
+        expected_key = get_hook_key(match.group("service"), match.group("identifier"))
43 
+        if expected_key != match.group("key"):
44 
+            app.logger.info(
45 
+                f"Bad request to {request.path}: expected key {expected_key}"
46 
+            )
47 
+            return Response("Invalid key", 403)
48 
+
49 
+        return f(*args, **kwargs)
50 
+
51 
+    return wrapper
52 
+
53 
+
29 54 
 def get_jenkins_jobs():
30 55 
     for job in jenkins_server.get_all_jobs():
31 56 
         config = BeautifulSoup(
 
@@ -101,12 +126,9 @@ def handle_index():
101 126
102 127
103 128 
 @app.route("/hooks/gitea/<path:repo>/<hash>", methods=["POST"])
104 
-def handle_hook_gitea(repo, hash):
105 
-    app.logger.info(f"Received hook for repo {repo} with has {hash}")
106 
-    expected_hash = get_hook_key("gitea", repo)
107 
-    if hash != expected_hash:
108 
-        app.logger.info(f"Hash mismatch: expected {expected_hash}")
109 
-        abort(403)
129 
+@authenticate
130 
+def handle_hook_gitea(repo):
131 
+    app.logger.info(f"Received hook for repo {repo}")
110 132
111 133 
     if repo not in repos:
112 134 
         app.logger.info(f"Repository not found. Known repos: {repos.keys()}")
 
@@ -139,12 +161,8 @@ def handle_hook_gitea(repo, hash):
139 161
140 162
141 163 
 @app.route("/hooks/docker/registry/<hash>", methods=["GET", "POST"])
142 
-def handle_docker_registry(hash):
143 
-    expected_hash = get_hook_key("docker", "registry")
144 
-    if hash != expected_hash:
145 
-        app.logger.info(f"Hash mismatch: expected {expected_hash}")
146 
-        abort(403)
147 
-
164 
+@authenticate
165 
+def handle_docker_registry():
148 166 
     for event in request.get_json()["events"]:
149 167 
         if (
150 168 
             event["action"] == "push"

Write Preview
Loading…
Cancel
Save