Merge branch 'develop'

Teemu Patja 2017-11-04 22:32:09 +02:00
commit dc45db2f25
No known key found for this signature in database
GPG Key ID: F5B7035E6580FD4C
5 changed files with 51 additions and 3 deletions


@ -30,6 +30,9 @@
:github-user "commiteth" :github-user "commiteth"
:github-password "XXX" :github-password "XXX"
;; Add Github App webhook secret here to verify GH origin
:webhook-secret "XXX"
;; set to true when on Ropsten testnet ;; set to true when on Ropsten testnet
:on-testnet true :on-testnet true


@ -493,7 +493,7 @@ SELECT
FROM issues i, repositories r FROM issues i, repositories r
WHERE r.repo_id = i.repo_id WHERE r.repo_id = i.repo_id
AND contract_address IS NOT NULL AND contract_address IS NOT NULL
AND i.payout_hash IS NULL; AND i.confirm_hash IS NULL;
-- :name get-bounty :? :1 -- :name get-bounty :? :1
-- :doc details for a bounty issue given owner, repo and issue nunber -- :doc details for a bounty issue given owner, repo and issue nunber


@ -25,6 +25,7 @@
(defn self [] (:github-user env)) (defn self [] (:github-user env))
(defn self-password [] (:github-password env)) (defn self-password [] (:github-password env))
(defn on-testnet? [] (env :on-testnet)) (defn on-testnet? [] (env :on-testnet))
(defn webhook-secret [] (env :webhook-secret))
(defn authorize-url [scope] (defn authorize-url [scope]
(let [params (codec/form-encode {:client_id (client-id) (let [params (codec/form-encode {:client_id (client-id)
@ -37,8 +38,14 @@
(defn signup-authorize-url [] (defn signup-authorize-url []
(authorize-url "user:email")) (authorize-url "user:email"))
;; NOTE: Capabilities picked for Github apps if true, Oauth if false
(defn github-app-enabled? []
(env :github-app-enabled) true)
(defn admin-authorize-url [] (defn admin-authorize-url []
(authorize-url "admin:repo_hook repo user:email admin:org_hook")) (if (github-app-enabled?)
(authorize-url "public_repo user:email")
(authorize-url "admin:repo_hook repo user:email admin:org_hook")))
(defn access-settings-url [] (defn access-settings-url []
(str "https://github.com/settings/connections/applications/" (client-id))) (str "https://github.com/settings/connections/applications/" (client-id)))
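Review bot: `github-app-enabled?` always returns `true`, because in `(defn github-app-enabled? [] (env :github-app-enabled) true)` the lookup is evaluated and its result discarded. The `:github-app-enabled` setting therefore has no effect and the OAuth branch of `admin-authorize-url` (the `admin:repo_hook repo user:email admin:org_hook` scopes) is unreachable. If `true` was meant as the default, pass it to the lookup instead: `(env :github-app-enabled true)`. Because this flag decides which OAuth scopes are requested from the user, a one-line docstring stating that would help; if `env` values come from environment variables they may arrive as strings, in which case `"false"` would still be truthy, so confirm how the value is parsed.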


@ -193,11 +193,17 @@
"anna02test" "anna02test"
"anna03test" "anna03test"
"anna04test" "anna04test"
"anna05test"
"anna06test"
"anna07test"
"anna08test"
"anna09test"
"pablanopete" "pablanopete"
"andytudhope" "andytudhope"
"ara4n" "ara4n"
"commitethtest" "commitethtest"
"noman-land" "noman-land"
"cancuncoconut"
}) })
(defapi service-routes (defapi service-routes


@ -237,6 +237,23 @@
(crypto/eq? github-signature (crypto/eq? github-signature
(str "sha1=" (hex-hmac-sha1 secret raw-payload)))))) (str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
(defn validate-secret-naive [webhook-payload raw-payload github-signature]
(let [full-name (get-in webhook-payload [:repository :full_name])
repo (repos/get-repo full-name)]
(log/debug "validate secret naive - repo exists?" repo)
repo))
(defn validate-secret-one-hook [webhook-payload raw-payload github-signature]
(let [full-name (get-in webhook-payload [:repository :full_name])
repo (repos/get-repo full-name)
secret (github/webhook-secret)
;; XXX remove below once verified in logs
debug-secret (apply str (take 5 (github/webhook-secret)))]
(log/debug "validate secret one hook - repo exists and github origin" repo " - " debug-secret)
(and (not (string/blank? secret))
repo
(crypto/eq? github-signature
(str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
(defroutes webhook-routes (defroutes webhook-routes
(POST "/webhook" {:keys [headers body]} (POST "/webhook" {:keys [headers body]}
@ -252,4 +269,19 @@
"issues" (handle-issue payload) "issues" (handle-issue payload)
"pull_request" (handle-pull-request payload) "pull_request" (handle-pull-request payload)
(ok))) (ok)))
(forbidden))))) (forbidden))))
(POST "/webhook-app" {:keys [headers body]}
(log/debug "webhook-app POST, headers" headers)
(let [raw-payload (slurp body)
payload (json/parse-string raw-payload true)]
(log/debug "webhook-app POST, payload" payload)
(if (validate-secret-one-hook payload raw-payload (get headers "x-hub-signature"))
(do
(log/debug "Github secret validation OK app")
(log/debug "x-github-event app" (get headers "x-github-event"))
(case (get headers "x-github-event")
"issues" (handle-issue payload)
"pull_request" (handle-pull-request payload)
(ok)))
(forbidden))))
)
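Review bot: `validate-secret-one-hook` writes the first five characters of the webhook secret to the log through `debug-secret`; even at debug level this puts key material into log storage, where it outlives the "remove once verified" intent of the XXX comment. Drop the `debug-secret` binding and log only the outcome, for example `(log/debug "validate secret one hook - repo exists:" (boolean repo))`. The new `/webhook-app` route also logs the full headers and parsed payload before the signature is checked, so unauthenticated request content reaches the logs as well. `validate-secret-naive` accepts `github-signature` but never compares it and returns the repo on a name match alone; it is not called in the lines shown, and it should either be removed or carry a docstring saying it is not an origin check so it is not wired to a route later.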