123 lines
3.7 KiB
JavaScript
123 lines
3.7 KiB
JavaScript
/*
|
|
* Bot that receives a POST request (from a GitHub issue comment webhook)
|
|
* and in case it's a comment that has "@autobounty <decimal> <currency>"
|
|
* awards that bounty to the address posted earlier in the thread (by the
|
|
* commiteth bot).
|
|
* TODO tests
|
|
* REVIEW parsing, non-persisting storage of addresses, hardcoded string length.
|
|
* Depends on commiteth version as of 2017-06-10.
|
|
*/
|
|
|
|
const config = require('./config');
|
|
const bot = require('./bot');
|
|
const crypto = require('crypto');
|
|
|
|
|
|
var express = require('express'),
|
|
cors = require('cors'),
|
|
helmet = require('helmet'),
|
|
app = express(),
|
|
bodyParser = require('body-parser'),
|
|
jsonParser = bodyParser.json();
|
|
|
|
app.use(cors());
|
|
app.use(helmet());
|
|
|
|
// Receive a POST request at the url specified by an env. var.
|
|
app.post(`${config.urlEndpoint}`, jsonParser, function (req, res, next) {
|
|
|
|
if (!req.body || !req.body.action) {
|
|
return res.sendStatus(400);
|
|
} else if (!bot.needsFunding(req)) {
|
|
return res.sendStatus(204);
|
|
}
|
|
|
|
validation = validateRequest(req);
|
|
|
|
if (validation.correct) {
|
|
|
|
setTimeout(() => {
|
|
processRequest(req)
|
|
.then(() => {
|
|
bot.info('issue well funded: ' + req.body.issue.url);
|
|
})
|
|
.catch((err) => {
|
|
bot.error('Error processing request: ' + req.body.issue.url);
|
|
bot.error('Error: ' + err);
|
|
bot.error('Dump: ', req.body);
|
|
});
|
|
}, config.delayInMiliSeconds);
|
|
|
|
} else {
|
|
bot.error('Error validating issue: ' + req.body.issue.url);
|
|
bot.error('Error: ' + validation.error);
|
|
}
|
|
return res.sendStatus(200);
|
|
});
|
|
|
|
const validateRequest = function (req) {
|
|
validation = {correct: false, error: ''};
|
|
webhookSecret = process.env.WEBHOOK_SECRET;
|
|
|
|
if(!webhookSecret) {
|
|
validation.error = 'Github Webhook Secret key not found. ' +
|
|
'Please set env variable WEBHOOK_SECRET to github\'s webhook secret value';
|
|
} else {
|
|
|
|
const blob = JSON.stringify(req.body);
|
|
const hmac = crypto.createHmac('sha1', webhookSecret);
|
|
const ourSignature = `sha1=${hmac.update(blob).digest('hex')}`;
|
|
|
|
const theirSignature = req.get('X-Hub-Signature');
|
|
|
|
const bufferA = Buffer.from(ourSignature, 'utf8');
|
|
const bufferB = Buffer.from(theirSignature, 'utf8');
|
|
|
|
const safe = crypto.timingSafeEqual(bufferA, bufferB);
|
|
|
|
if (safe) {
|
|
validation.correct = true;
|
|
} else {
|
|
validation.error = 'Invalid signature. Check that WEBHOOK_SECRET ' +
|
|
'env variable matches github\'s webhook secret value';
|
|
}
|
|
}
|
|
|
|
return validation;
|
|
}
|
|
|
|
const processRequest = function (req) {
|
|
// const wallet = bot.wallet;
|
|
|
|
const from = config.sourceAddress;
|
|
const to = bot.getAddress(req);
|
|
|
|
// Asynchronous requests for Gas Price and Amount
|
|
const amountPromise = bot.getAmount(req);
|
|
const gasPricePromise = bot.getGasPrice();
|
|
return new Promise((resolve, reject) => {
|
|
Promise.all([amountPromise, gasPricePromise])
|
|
.then(function (results) {
|
|
let amount = results[0];
|
|
let gasPrice = results[1];
|
|
|
|
bot.sendTransaction(to, amount, gasPrice)
|
|
.then(function () {
|
|
resolve();
|
|
})
|
|
.catch(function (err) {
|
|
reject(err);
|
|
});
|
|
|
|
})
|
|
.catch(function (err) {
|
|
reject(err);
|
|
});
|
|
});
|
|
}
|
|
|
|
const port = process.env.PORT || 8181
|
|
app.listen(port, function () {
|
|
bot.info('Autobounty listening on port', port);
|
|
});
|