Merge branch 'develop'
commit
dc45db2f25
|
@ -30,6 +30,9 @@
|
||||||
:github-user "commiteth"
|
:github-user "commiteth"
|
||||||
:github-password "XXX"
|
:github-password "XXX"
|
||||||
|
|
||||||
|
;; Add Github App webhook secret here to verify GH origin
|
||||||
|
:webhook-secret "XXX"
|
||||||
|
|
||||||
;; set to true when on Ropsten testnet
|
;; set to true when on Ropsten testnet
|
||||||
:on-testnet true
|
:on-testnet true
|
||||||
|
|
||||||
|
|
|
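Review bot: The new `:webhook-secret "XXX"` entry is a non-blank placeholder, and the only guard on this value visible in the commit is `(not (string/blank? secret))` in validate-secret-one-hook, which an un-replaced placeholder would pass. If this file is the template that deployments copy, an instance that keeps the sample value would check webhook signatures against a string anyone can read in the repository. The comment above the key could say so, for example `;; Github App webhook secret (random, per deployment); a blank value makes /webhook-app reject every call, never keep the placeholder`.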
@ -493,7 +493,7 @@ SELECT
|
||||||
FROM issues i, repositories r
|
FROM issues i, repositories r
|
||||||
WHERE r.repo_id = i.repo_id
|
WHERE r.repo_id = i.repo_id
|
||||||
AND contract_address IS NOT NULL
|
AND contract_address IS NOT NULL
|
||||||
AND i.payout_hash IS NULL;
|
AND i.confirm_hash IS NULL;
|
||||||
|
|
||||||
-- :name get-bounty :? :1
|
-- :name get-bounty :? :1
|
||||||
-- :doc details for a bounty issue given owner, repo and issue nunber
|
-- :doc details for a bounty issue given owner, repo and issue nunber
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
(defn self [] (:github-user env))
|
(defn self [] (:github-user env))
|
||||||
(defn self-password [] (:github-password env))
|
(defn self-password [] (:github-password env))
|
||||||
(defn on-testnet? [] (env :on-testnet))
|
(defn on-testnet? [] (env :on-testnet))
|
||||||
|
(defn webhook-secret [] (env :webhook-secret))
|
||||||
|
|
||||||
(defn authorize-url [scope]
|
(defn authorize-url [scope]
|
||||||
(let [params (codec/form-encode {:client_id (client-id)
|
(let [params (codec/form-encode {:client_id (client-id)
|
||||||
|
@ -37,8 +38,14 @@
|
||||||
(defn signup-authorize-url []
|
(defn signup-authorize-url []
|
||||||
(authorize-url "user:email"))
|
(authorize-url "user:email"))
|
||||||
|
|
||||||
|
;; NOTE: Capabilities picked for Github apps if true, Oauth if false
|
||||||
|
(defn github-app-enabled? []
|
||||||
|
(env :github-app-enabled) true)
|
||||||
|
|
||||||
(defn admin-authorize-url []
|
(defn admin-authorize-url []
|
||||||
(authorize-url "admin:repo_hook repo user:email admin:org_hook"))
|
(if (github-app-enabled?)
|
||||||
|
(authorize-url "public_repo user:email")
|
||||||
|
(authorize-url "admin:repo_hook repo user:email admin:org_hook")))
|
||||||
|
|
||||||
(defn access-settings-url []
|
(defn access-settings-url []
|
||||||
(str "https://github.com/settings/connections/applications/" (client-id)))
|
(str "https://github.com/settings/connections/applications/" (client-id)))
|
||||||
|
|
|
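Review bot: `github-app-enabled?` always returns true, because its body holds two forms, `(env :github-app-enabled)` and `true`, so the lookup result is discarded and the literal is returned. The `admin:repo_hook repo user:email admin:org_hook` branch of admin-authorize-url can therefore never be taken, and the config flag has no effect on which scopes are requested. If a default of true was intended, `(env :github-app-enabled true)` keeps the flag meaningful. A one-line docstring stating that default would make the NOTE comment above it unambiguous.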
@ -193,11 +193,17 @@
|
||||||
"anna02test"
|
"anna02test"
|
||||||
"anna03test"
|
"anna03test"
|
||||||
"anna04test"
|
"anna04test"
|
||||||
|
"anna05test"
|
||||||
|
"anna06test"
|
||||||
|
"anna07test"
|
||||||
|
"anna08test"
|
||||||
|
"anna09test"
|
||||||
"pablanopete"
|
"pablanopete"
|
||||||
"andytudhope"
|
"andytudhope"
|
||||||
"ara4n"
|
"ara4n"
|
||||||
"commitethtest"
|
"commitethtest"
|
||||||
"noman-land"
|
"noman-land"
|
||||||
|
"cancuncoconut"
|
||||||
})
|
})
|
||||||
|
|
||||||
(defapi service-routes
|
(defapi service-routes
|
||||||
|
|
|
@ -237,6 +237,23 @@
|
||||||
(crypto/eq? github-signature
|
(crypto/eq? github-signature
|
||||||
(str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
|
(str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
|
||||||
|
|
||||||
|
(defn validate-secret-naive [webhook-payload raw-payload github-signature]
|
||||||
|
(let [full-name (get-in webhook-payload [:repository :full_name])
|
||||||
|
repo (repos/get-repo full-name)]
|
||||||
|
(log/debug "validate secret naive - repo exists?" repo)
|
||||||
|
repo))
|
||||||
|
|
||||||
|
(defn validate-secret-one-hook [webhook-payload raw-payload github-signature]
|
||||||
|
(let [full-name (get-in webhook-payload [:repository :full_name])
|
||||||
|
repo (repos/get-repo full-name)
|
||||||
|
secret (github/webhook-secret)
|
||||||
|
;; XXX remove below once verified in logs
|
||||||
|
debug-secret (apply str (take 5 (github/webhook-secret)))]
|
||||||
|
(log/debug "validate secret one hook - repo exists and github origin" repo " - " debug-secret)
|
||||||
|
(and (not (string/blank? secret))
|
||||||
|
repo
|
||||||
|
(crypto/eq? github-signature
|
||||||
|
(str "sha1=" (hex-hmac-sha1 secret raw-payload))))))
|
||||||
|
|
||||||
(defroutes webhook-routes
|
(defroutes webhook-routes
|
||||||
(POST "/webhook" {:keys [headers body]}
|
(POST "/webhook" {:keys [headers body]}
|
||||||
|
@ -252,4 +269,19 @@
|
||||||
"issues" (handle-issue payload)
|
"issues" (handle-issue payload)
|
||||||
"pull_request" (handle-pull-request payload)
|
"pull_request" (handle-pull-request payload)
|
||||||
(ok)))
|
(ok)))
|
||||||
(forbidden)))))
|
(forbidden))))
|
||||||
|
(POST "/webhook-app" {:keys [headers body]}
|
||||||
|
(log/debug "webhook-app POST, headers" headers)
|
||||||
|
(let [raw-payload (slurp body)
|
||||||
|
payload (json/parse-string raw-payload true)]
|
||||||
|
(log/debug "webhook-app POST, payload" payload)
|
||||||
|
(if (validate-secret-one-hook payload raw-payload (get headers "x-hub-signature"))
|
||||||
|
(do
|
||||||
|
(log/debug "Github secret validation OK app")
|
||||||
|
(log/debug "x-github-event app" (get headers "x-github-event"))
|
||||||
|
(case (get headers "x-github-event")
|
||||||
|
"issues" (handle-issue payload)
|
||||||
|
"pull_request" (handle-pull-request payload)
|
||||||
|
(ok)))
|
||||||
|
(forbidden))))
|
||||||
|
)
|
||||||
|
|
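Review bot: validate-secret-one-hook writes the first five characters of the webhook secret to the debug log through `debug-secret`, and the new /webhook-app route logs the full headers (including `x-hub-signature`) and the parsed payload before the signature is checked. Key material and unauthenticated request bodies should stay out of logs; I would drop the `debug-secret` binding and log only `(log/debug "validate secret one hook - repo found?" (boolean repo))`. validate-secret-naive takes `raw-payload` and `github-signature` but uses neither, so it returns truthy for any payload that names a known repository. Its callers are not visible in this commit, so it needs at least a docstring stating that it performs no signature verification.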