-
Notifications
You must be signed in to change notification settings - Fork 0
/
webhook.go
121 lines (99 loc) · 2.7 KB
/
webhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package goscm
import (
"crypto/hmac"
"crypto/sha1"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
)
var (
ErrEventNotSpecifiedToParse = errors.New("no Event specified to parse")
ErrInvalidHTTPMethod = errors.New("invalid HTTP Method")
ErrMissingScmEventHeader = errors.New("missing X-SCM-PushEvent Header")
ErrMissingScmSignatureHeader = errors.New("missing X-SCM-Signature Header")
ErrEventNotFound = errors.New("event not defined to be parsed")
ErrParsingPayload = errors.New("error parsing payload")
ErrSecretVerification = errors.New("token verification error")
ErrHMACVerificationFailed = errors.New("HMAC verification failed")
)
var Options = WebhookOptions{}
const (
PushEvent Event = "Push"
)
type ArgoCDWebhook struct {
secret string
}
type WebhookOptions struct{}
type Event string
type Option func(*ArgoCDWebhook) error
func (WebhookOptions) Secret(secret string) Option {
return func(hook *ArgoCDWebhook) error {
hook.secret = secret
return nil
}
}
func New(options ...Option) (*ArgoCDWebhook, error) {
hook := new(ArgoCDWebhook)
for _, opt := range options {
if err := opt(hook); err != nil {
return nil, errors.New("Error applying Option")
}
}
return hook, nil
}
func (webhook ArgoCDWebhook) Parse(request *http.Request, events ...Event) (interface{}, error) {
if len(events) == 0 {
return nil, ErrEventNotSpecifiedToParse
}
if request.Method != http.MethodPost {
return nil, ErrInvalidHTTPMethod
}
event := request.Header.Get("X-SCM-PushEvent")
if event == "" {
return nil, ErrEventNotSpecifiedToParse
}
if request.Method != http.MethodPost {
return nil, ErrInvalidHTTPMethod
}
scmEvent := Event(event)
var found bool
for _, evt := range events {
if evt == scmEvent {
found = true
break
}
}
if !found {
return nil, ErrEventNotFound
}
return webhook.UnmarshalPayload(request, scmEvent)
}
func (webhook ArgoCDWebhook) UnmarshalPayload(request *http.Request, scmEvent Event) (interface{}, error) {
payload, err := io.ReadAll(request.Body)
if err != nil || len(payload) == 0 {
return nil, ErrParsingPayload
}
if len(webhook.secret) > 0 {
signature := request.Header.Get("X-SCM-Signature")
if len(signature) == 0 {
return nil, ErrMissingScmSignatureHeader
}
mac := hmac.New(sha1.New, []byte(webhook.secret))
_, _ = mac.Write(payload)
expectedMAC := hex.EncodeToString(mac.Sum(nil))
if !hmac.Equal([]byte(signature[5:]), []byte(expectedMAC)) {
return nil, ErrHMACVerificationFailed
}
}
switch scmEvent {
case PushEvent:
var pl PushEventPayload
err := json.Unmarshal(payload, &pl)
return pl, err
default:
return nil, fmt.Errorf("unknown event #{scmEvent}")
}
}