authorLunny Xiao <xiaolunwen@gmail.com>2019-11-09 05:25:53 +0800
committertechknowlogick <techknowlogick@gitea.io>2019-11-08 16:25:53 -0500
commit55bdc9aa38177f75fdae4cb96e98bf465d7ecb2a (patch)
tree621333fde9de8cec79dac36bcaced0e4b499dfb3
parent016a5d0438e551d4630819683dd6dc4fccb0cb51 (diff)
Webhook support custom proxy (#8760)
* Webhook support custom proxy * Add glob support on webhook proxy host rules * fix app.ini.sample * improve code and app.ini.sample * update cheat sheet about added webhook options
-rw-r--r--custom/conf/app.ini.sample4
-rw-r--r--docs/content/doc/advanced/config-cheat-sheet.en-us.md2
-rw-r--r--docs/content/doc/advanced/config-cheat-sheet.zh-cn.md2
-rw-r--r--modules/setting/webhook.go21
-rw-r--r--modules/webhook/deliver.go36
-rw-r--r--modules/webhook/deliver_test.go39
6 files changed, 101 insertions, 3 deletions
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 33cd0506ed..17fcc0de23 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -511,6 +511,10 @@ DELIVER_TIMEOUT = 5
SKIP_TLS_VERIFY = false
; Number of history information in each page
PAGING_NUM = 10
+; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+PROXY_URL =
+; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
+PROXY_HOSTS =
[mailer]
ENABLED = false
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 1e24255d8d..96b529c0bc 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -312,6 +312,8 @@ relation to port exhaustion.
- `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
- `SKIP_TLS_VERIFY`: **false**: Allow insecure certification.
- `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page.
+- `PROXY_URL`: ****: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+- `PROXY_HOSTS`: ****: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
## Mailer (`mailer`)
diff --git a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
index 53426ed983..b545d9a99d 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -129,6 +129,8 @@ menu:
- `DELIVER_TIMEOUT`: 请求webhooks的超时时间,单位秒。
- `SKIP_TLS_VERIFY`: 是否允许不安全的证书。
- `PAGING_NUM`: 每页显示的Webhook 历史数量。
+- `PROXY_URL`: ****: 代理服务器网址,支持 http://, https//, socks://, 为空将使用环境变量中的 http_proxy/https_proxy 设置。
+- `PROXY_HOSTS`: ****: 逗号分隔的需要代理的域名或IP地址。支持 * 号匹配符,使用 ** 匹配所有域名和IP地址。
## Mailer (`mailer`)
diff --git a/modules/setting/webhook.go b/modules/setting/webhook.go
index b0e7d66ad2..4a953616f1 100644
--- a/modules/setting/webhook.go
+++ b/modules/setting/webhook.go
@@ -4,6 +4,12 @@
package setting
+import (
+ "net/url"
+
+ "code.gitea.io/gitea/modules/log"
+)
+
var (
// Webhook settings
Webhook = struct {
@@ -12,11 +18,16 @@ var (
SkipTLSVerify bool
Types []string
PagingNum int
+ ProxyURL string
+ ProxyURLFixed *url.URL
+ ProxyHosts []string
}{
QueueLength: 1000,
DeliverTimeout: 5,
SkipTLSVerify: false,
PagingNum: 10,
+ ProxyURL: "",
+ ProxyHosts: []string{},
}
)
@@ -27,4 +38,14 @@ func newWebhookService() {
Webhook.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool()
Webhook.Types = []string{"gitea", "gogs", "slack", "discord", "dingtalk", "telegram", "msteams"}
Webhook.PagingNum = sec.Key("PAGING_NUM").MustInt(10)
+ Webhook.ProxyURL = sec.Key("PROXY_URL").MustString("")
+ if Webhook.ProxyURL != "" {
+ var err error
+ Webhook.ProxyURLFixed, err = url.Parse(Webhook.ProxyURL)
+ if err != nil {
+ log.Error("Webhook PROXY_URL is not valid")
+ Webhook.ProxyURL = ""
+ }
+ }
+ Webhook.ProxyHosts = sec.Key("PROXY_HOSTS").Strings(",")
}
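Review bot: An invalid `PROXY_URL` fails open in the added error branch: it logs a fixed string, resets `Webhook.ProxyURL` to `""`, and deliveries then follow the environment proxy or go direct, which matters where the proxy is the intended egress control for webhook traffic. `url.Parse` is also lenient, so a value with no scheme or no host can pass and leave `ProxyURLFixed` unusable. Checking `ProxyURLFixed.Scheme` against the schemes the Go transport documents (`http`, `https`, `socks5`) and requiring a non-empty `ProxyURLFixed.Host` would catch that; the `socks://` form advertised in the sample config looks like it would not qualify. I would stop startup instead of continuing, e.g. `log.Fatal("Webhook PROXY_URL is not valid")`, and keep the raw value out of the message because the URL may carry credentials and the `url.Parse` error text quotes its input. newWebhookService begins outside the hunk.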
diff --git a/modules/webhook/deliver.go b/modules/webhook/deliver.go
index 54f20171fa..b262505cea 100644
--- a/modules/webhook/deliver.go
+++ b/modules/webhook/deliver.go
@@ -12,11 +12,13 @@ import (
"net/http"
"net/url"
"strings"
+ "sync"
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
+ "github.com/gobwas/glob"
"github.com/unknwon/com"
)
@@ -182,7 +184,36 @@ func DeliverHooks() {
}
}
-var webhookHTTPClient *http.Client
+var (
+ webhookHTTPClient *http.Client
+ once sync.Once
+ hostMatchers []glob.Glob
+)
+
+func webhookProxy() func(req *http.Request) (*url.URL, error) {
+ if setting.Webhook.ProxyURL == "" {
+ return http.ProxyFromEnvironment
+ }
+
+ once.Do(func() {
+ for _, h := range setting.Webhook.ProxyHosts {
+ if g, err := glob.Compile(h); err == nil {
+ hostMatchers = append(hostMatchers, g)
+ } else {
+ log.Error("glob.Compile %s failed: %v", h, err)
+ }
+ }
+ })
+
+ return func(req *http.Request) (*url.URL, error) {
+ for _, v := range hostMatchers {
+ if v.Match(req.URL.Host) {
+ return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req)
+ }
+ }
+ return http.ProxyFromEnvironment(req)
+ }
+}
// InitDeliverHooks starts the hooks delivery thread
func InitDeliverHooks() {
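Review bot: The match in the returned closure uses `req.URL.Host`, which still carries an explicit port and the caller's letter case, so a rule such as `discordapp.com` does not match `https://discordapp.com:443/...` or `https://DiscordApp.com/...` and those deliveries skip the configured proxy. Matching on the normalised name closes that gap: `if v.Match(strings.ToLower(req.URL.Hostname())) {`. Two other fail-open paths deserve a check or at least a comment: a pattern that fails `glob.Compile` is logged and dropped, and an empty `PROXY_HOSTS` with `PROXY_URL` set proxies nothing. Because `hostMatchers` is filled under a package-level `sync.Once`, later changes to `setting.Webhook.ProxyHosts` are ignored, which a doc comment on `webhookProxy` should state.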
@@ -191,7 +222,7 @@ func InitDeliverHooks() {
webhookHTTPClient = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
- Proxy: http.ProxyFromEnvironment,
+ Proxy: webhookProxy(),
Dial: func(netw, addr string) (net.Conn, error) {
conn, err := net.DialTimeout(netw, addr, timeout)
if err != nil {
@@ -199,7 +230,6 @@ func InitDeliverHooks() {
}
return conn, conn.SetDeadline(time.Now().Add(timeout))
-
},
},
}
diff --git a/modules/webhook/deliver_test.go b/modules/webhook/deliver_test.go
new file mode 100644
index 0000000000..cfc99d796a
--- /dev/null
+++ b/modules/webhook/deliver_test.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package webhook
+
+import (
+ "net/http"
+ "net/url"
+ "testing"
+
+ "code.gitea.io/gitea/modules/setting"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestWebhookProxy(t *testing.T) {
+ setting.Webhook.ProxyURL = "http://localhost:8080"
+ setting.Webhook.ProxyURLFixed, _ = url.Parse(setting.Webhook.ProxyURL)
+ setting.Webhook.ProxyHosts = []string{"*.discordapp.com", "discordapp.com"}
+
+ var kases = map[string]string{
+ "https://discordapp.com/api/webhooks/xxxxxxxxx/xxxxxxxxxxxxxxxxxxx": "http://localhost:8080",
+ "http://s.discordapp.com/assets/xxxxxx": "http://localhost:8080",
+ "http://github.com/a/b": "",
+ }
+
+ for reqURL, proxyURL := range kases {
+ req, err := http.NewRequest("POST", reqURL, nil)
+ assert.NoError(t, err)
+
+ u, err := webhookProxy()(req)
+ assert.NoError(t, err)
+ if proxyURL == "" {
+ assert.Nil(t, u)
+ } else {
+ assert.EqualValues(t, proxyURL, u.String())
+ }
+ }
+}
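Review bot: The `http://github.com/a/b` case asserts a nil proxy, but that path falls through to `http.ProxyFromEnvironment`, so the result depends on whether a proxy variable is set in the environment where the test runs. The table also has no target with an explicit port or a mixed-case host, e.g. `"https://discordapp.com:443/api/webhooks/x": "http://localhost:8080"`, which is the kind of input most likely to slip past the host rules. The test overwrites `setting.Webhook` without restoring it, and since `webhookProxy` compiles the patterns once, another test in this package with different `ProxyHosts` would silently reuse these matchers.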