* Webhook support custom proxy * Add glob support on webhook proxy host rules * fix app.ini.sample * improve code and app.ini.sample * update cheetsheet about added webhook optionstags/v1.11.0-rc1
@@ -511,6 +511,10 @@ DELIVER_TIMEOUT = 5 | |||
SKIP_TLS_VERIFY = false | |||
; Number of history information in each page | |||
PAGING_NUM = 10 | |||
; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy | |||
PROXY_URL = | |||
; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts. | |||
PROXY_HOSTS = | |||
[mailer] | |||
ENABLED = false |
@@ -312,6 +312,8 @@ relation to port exhaustion. | |||
- `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks. | |||
- `SKIP_TLS_VERIFY`: **false**: Allow insecure certification. | |||
- `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page. | |||
- `PROXY_URL`: ****: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy | |||
- `PROXY_HOSTS`: ****: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts. | |||
## Mailer (`mailer`) | |||
@@ -129,6 +129,8 @@ menu: | |||
- `DELIVER_TIMEOUT`: 请求webhooks的超时时间,单位秒。 | |||
- `SKIP_TLS_VERIFY`: 是否允许不安全的证书。 | |||
- `PAGING_NUM`: 每页显示的Webhook 历史数量。 | |||
- `PROXY_URL`: ****: 代理服务器网址,支持 http://, https//, socks://, 为空将使用环境变量中的 http_proxy/https_proxy 设置。 | |||
- `PROXY_HOSTS`: ****: 逗号分隔的需要代理的域名或IP地址。支持 * 号匹配符,使用 ** 匹配所有域名和IP地址。 | |||
## Mailer (`mailer`) | |||
@@ -4,6 +4,12 @@ | |||
package setting | |||
import ( | |||
"net/url" | |||
"code.gitea.io/gitea/modules/log" | |||
) | |||
var ( | |||
// Webhook settings | |||
Webhook = struct { | |||
@@ -12,11 +18,16 @@ var ( | |||
SkipTLSVerify bool | |||
Types []string | |||
PagingNum int | |||
ProxyURL string | |||
ProxyURLFixed *url.URL | |||
ProxyHosts []string | |||
}{ | |||
QueueLength: 1000, | |||
DeliverTimeout: 5, | |||
SkipTLSVerify: false, | |||
PagingNum: 10, | |||
ProxyURL: "", | |||
ProxyHosts: []string{}, | |||
} | |||
) | |||
@@ -27,4 +38,14 @@ func newWebhookService() { | |||
Webhook.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool() | |||
Webhook.Types = []string{"gitea", "gogs", "slack", "discord", "dingtalk", "telegram", "msteams"} | |||
Webhook.PagingNum = sec.Key("PAGING_NUM").MustInt(10) | |||
Webhook.ProxyURL = sec.Key("PROXY_URL").MustString("") | |||
if Webhook.ProxyURL != "" { | |||
var err error | |||
Webhook.ProxyURLFixed, err = url.Parse(Webhook.ProxyURL) | |||
if err != nil { | |||
log.Error("Webhook PROXY_URL is not valid") | |||
Webhook.ProxyURL = "" | |||
} | |||
} | |||
Webhook.ProxyHosts = sec.Key("PROXY_HOSTS").Strings(",") | |||
} |
@@ -12,11 +12,13 @@ import ( | |||
"net/http" | |||
"net/url" | |||
"strings" | |||
"sync" | |||
"time" | |||
"code.gitea.io/gitea/models" | |||
"code.gitea.io/gitea/modules/log" | |||
"code.gitea.io/gitea/modules/setting" | |||
"github.com/gobwas/glob" | |||
"github.com/unknwon/com" | |||
) | |||
@@ -182,7 +184,36 @@ func DeliverHooks() { | |||
} | |||
} | |||
var webhookHTTPClient *http.Client | |||
var ( | |||
webhookHTTPClient *http.Client | |||
once sync.Once | |||
hostMatchers []glob.Glob | |||
) | |||
func webhookProxy() func(req *http.Request) (*url.URL, error) { | |||
if setting.Webhook.ProxyURL == "" { | |||
return http.ProxyFromEnvironment | |||
} | |||
once.Do(func() { | |||
for _, h := range setting.Webhook.ProxyHosts { | |||
if g, err := glob.Compile(h); err == nil { | |||
hostMatchers = append(hostMatchers, g) | |||
} else { | |||
log.Error("glob.Compile %s failed: %v", h, err) | |||
} | |||
} | |||
}) | |||
return func(req *http.Request) (*url.URL, error) { | |||
for _, v := range hostMatchers { | |||
if v.Match(req.URL.Host) { | |||
return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req) | |||
} | |||
} | |||
return http.ProxyFromEnvironment(req) | |||
} | |||
} | |||
// InitDeliverHooks starts the hooks delivery thread | |||
func InitDeliverHooks() { | |||
@@ -191,7 +222,7 @@ func InitDeliverHooks() { | |||
webhookHTTPClient = &http.Client{ | |||
Transport: &http.Transport{ | |||
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify}, | |||
Proxy: http.ProxyFromEnvironment, | |||
Proxy: webhookProxy(), | |||
Dial: func(netw, addr string) (net.Conn, error) { | |||
conn, err := net.DialTimeout(netw, addr, timeout) | |||
if err != nil { | |||
@@ -199,7 +230,6 @@ func InitDeliverHooks() { | |||
} | |||
return conn, conn.SetDeadline(time.Now().Add(timeout)) | |||
}, | |||
}, | |||
} |
@@ -0,0 +1,39 @@ | |||
// Copyright 2019 The Gitea Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package webhook | |||
import ( | |||
"net/http" | |||
"net/url" | |||
"testing" | |||
"code.gitea.io/gitea/modules/setting" | |||
"github.com/stretchr/testify/assert" | |||
) | |||
func TestWebhookProxy(t *testing.T) { | |||
setting.Webhook.ProxyURL = "http://localhost:8080" | |||
setting.Webhook.ProxyURLFixed, _ = url.Parse(setting.Webhook.ProxyURL) | |||
setting.Webhook.ProxyHosts = []string{"*.discordapp.com", "discordapp.com"} | |||
var kases = map[string]string{ | |||
"https://discordapp.com/api/webhooks/xxxxxxxxx/xxxxxxxxxxxxxxxxxxx": "http://localhost:8080", | |||
"http://s.discordapp.com/assets/xxxxxx": "http://localhost:8080", | |||
"http://github.com/a/b": "", | |||
} | |||
for reqURL, proxyURL := range kases { | |||
req, err := http.NewRequest("POST", reqURL, nil) | |||
assert.NoError(t, err) | |||
u, err := webhookProxy()(req) | |||
assert.NoError(t, err) | |||
if proxyURL == "" { | |||
assert.Nil(t, u) | |||
} else { | |||
assert.EqualValues(t, proxyURL, u.String()) | |||
} | |||
} | |||
} |