Feat: add support for secret provider for webhook

This commit is contained in:
Peter Šurda 2021-04-16 03:55:32 +02:00
parent fe223aa990
commit 3e59f2069e
Signed by: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87

View File

@ -2,10 +2,13 @@ import json
import re import re
import hmac import hmac
import hashlib import hashlib
from buildbot.util import bytes2unicode from buildbot.process.properties import Properties
from buildbot.util import bytes2unicode, unicode2bytes
from buildbot.www.hooks.base import BaseHookHandler from buildbot.www.hooks.base import BaseHookHandler
from twisted.internet import defer
from twisted.python import log from twisted.python import log
from dateutil.parser import parse as dateparse from dateutil.parser import parse as dateparse
_HEADER_EVENT_TYPE = 'X-Gitea-Event' _HEADER_EVENT_TYPE = 'X-Gitea-Event'
@ -118,6 +121,7 @@ class GiteaHandler(BaseHookHandler):
change['codebase'] = codebase change['codebase'] = codebase
return [change] return [change]
@defer.inlineCallbacks
def getChanges(self, request): def getChanges(self, request):
secret = None secret = None
if isinstance(self.options, dict): if isinstance(self.options, dict):
@ -130,9 +134,12 @@ class GiteaHandler(BaseHookHandler):
raise ValueError('Error loading JSON: ' + str(exception)) raise ValueError('Error loading JSON: ' + str(exception))
if secret is not None: if secret is not None:
p = Properties()
p.master = self.master
rendered_secret = yield p.render(secret)
signature = hmac.new( signature = hmac.new(
secret.encode("UTF-8"), unicode2bytes(rendered_secret),
content_text.strip().encode("UTF-8"), unicode2bytes(content_text.strip()),
digestmod=hashlib.sha256) digestmod=hashlib.sha256)
header_signature = bytes2unicode( header_signature = bytes2unicode(
request.getHeader(_HEADER_SIGNATURE)) request.getHeader(_HEADER_SIGNATURE))