123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312 |
- // Copyright 2019 The Gitea Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
-
- package webhook
-
- import (
- "context"
- "crypto/hmac"
- "crypto/sha1"
- "crypto/sha256"
- "crypto/tls"
- "encoding/hex"
- "fmt"
- "io"
- "net/http"
- "net/url"
- "strconv"
- "strings"
- "sync"
- "time"
-
- webhook_model "code.gitea.io/gitea/models/webhook"
- "code.gitea.io/gitea/modules/graceful"
- "code.gitea.io/gitea/modules/hostmatcher"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/proxy"
- "code.gitea.io/gitea/modules/setting"
-
- "github.com/gobwas/glob"
- )
-
- // Deliver deliver hook task
- func Deliver(t *webhook_model.HookTask) error {
- w, err := webhook_model.GetWebhookByID(t.HookID)
- if err != nil {
- return err
- }
-
- defer func() {
- err := recover()
- if err == nil {
- return
- }
- // There was a panic whilst delivering a hook...
- log.Error("PANIC whilst trying to deliver webhook[%d] for repo[%d] to %s Panic: %v\nStacktrace: %s", t.ID, t.RepoID, w.URL, err, log.Stack(2))
- }()
-
- t.IsDelivered = true
-
- var req *http.Request
-
- switch w.HTTPMethod {
- case "":
- log.Info("HTTP Method for webhook %d empty, setting to POST as default", t.ID)
- fallthrough
- case http.MethodPost:
- switch w.ContentType {
- case webhook_model.ContentTypeJSON:
- req, err = http.NewRequest("POST", w.URL, strings.NewReader(t.PayloadContent))
- if err != nil {
- return err
- }
-
- req.Header.Set("Content-Type", "application/json")
- case webhook_model.ContentTypeForm:
- var forms = url.Values{
- "payload": []string{t.PayloadContent},
- }
-
- req, err = http.NewRequest("POST", w.URL, strings.NewReader(forms.Encode()))
- if err != nil {
- return err
- }
-
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- }
- case http.MethodGet:
- u, err := url.Parse(w.URL)
- if err != nil {
- return err
- }
- vals := u.Query()
- vals["payload"] = []string{t.PayloadContent}
- u.RawQuery = vals.Encode()
- req, err = http.NewRequest("GET", u.String(), nil)
- if err != nil {
- return err
- }
- case http.MethodPut:
- switch w.Type {
- case webhook_model.MATRIX:
- req, err = getMatrixHookRequest(w, t)
- if err != nil {
- return err
- }
- default:
- return fmt.Errorf("invalid http method for webhook: [%d] %v", t.ID, w.HTTPMethod)
- }
- default:
- return fmt.Errorf("invalid http method for webhook: [%d] %v", t.ID, w.HTTPMethod)
- }
-
- var signatureSHA1 string
- var signatureSHA256 string
- if len(w.Secret) > 0 {
- sig1 := hmac.New(sha1.New, []byte(w.Secret))
- sig256 := hmac.New(sha256.New, []byte(w.Secret))
- _, err = io.MultiWriter(sig1, sig256).Write([]byte(t.PayloadContent))
- if err != nil {
- log.Error("prepareWebhooks.sigWrite: %v", err)
- }
- signatureSHA1 = hex.EncodeToString(sig1.Sum(nil))
- signatureSHA256 = hex.EncodeToString(sig256.Sum(nil))
- }
-
- event := t.EventType.Event()
- eventType := string(t.EventType)
- req.Header.Add("X-Gitea-Delivery", t.UUID)
- req.Header.Add("X-Gitea-Event", event)
- req.Header.Add("X-Gitea-Event-Type", eventType)
- req.Header.Add("X-Gitea-Signature", signatureSHA256)
- req.Header.Add("X-Gogs-Delivery", t.UUID)
- req.Header.Add("X-Gogs-Event", event)
- req.Header.Add("X-Gogs-Event-Type", eventType)
- req.Header.Add("X-Gogs-Signature", signatureSHA256)
- req.Header.Add("X-Hub-Signature", "sha1="+signatureSHA1)
- req.Header.Add("X-Hub-Signature-256", "sha256="+signatureSHA256)
- req.Header["X-GitHub-Delivery"] = []string{t.UUID}
- req.Header["X-GitHub-Event"] = []string{event}
- req.Header["X-GitHub-Event-Type"] = []string{eventType}
-
- // Record delivery information.
- t.RequestInfo = &webhook_model.HookRequest{
- URL: req.URL.String(),
- HTTPMethod: req.Method,
- Headers: map[string]string{},
- }
- for k, vals := range req.Header {
- t.RequestInfo.Headers[k] = strings.Join(vals, ",")
- }
-
- t.ResponseInfo = &webhook_model.HookResponse{
- Headers: map[string]string{},
- }
-
- defer func() {
- t.Delivered = time.Now().UnixNano()
- if t.IsSucceed {
- log.Trace("Hook delivered: %s", t.UUID)
- } else {
- log.Trace("Hook delivery failed: %s", t.UUID)
- }
-
- if err := webhook_model.UpdateHookTask(t); err != nil {
- log.Error("UpdateHookTask [%d]: %v", t.ID, err)
- }
-
- // Update webhook last delivery status.
- if t.IsSucceed {
- w.LastStatus = webhook_model.HookStatusSucceed
- } else {
- w.LastStatus = webhook_model.HookStatusFail
- }
- if err = webhook_model.UpdateWebhookLastStatus(w); err != nil {
- log.Error("UpdateWebhookLastStatus: %v", err)
- return
- }
- }()
-
- if setting.DisableWebhooks {
- return fmt.Errorf("webhook task skipped (webhooks disabled): [%d]", t.ID)
- }
-
- resp, err := webhookHTTPClient.Do(req.WithContext(graceful.GetManager().ShutdownContext()))
- if err != nil {
- t.ResponseInfo.Body = fmt.Sprintf("Delivery: %v", err)
- return err
- }
- defer resp.Body.Close()
-
- // Status code is 20x can be seen as succeed.
- t.IsSucceed = resp.StatusCode/100 == 2
- t.ResponseInfo.Status = resp.StatusCode
- for k, vals := range resp.Header {
- t.ResponseInfo.Headers[k] = strings.Join(vals, ",")
- }
-
- p, err := io.ReadAll(resp.Body)
- if err != nil {
- t.ResponseInfo.Body = fmt.Sprintf("read body: %s", err)
- return err
- }
- t.ResponseInfo.Body = string(p)
- return nil
- }
-
- // DeliverHooks checks and delivers undelivered hooks.
- // FIXME: graceful: This would likely benefit from either a worker pool with dummy queue
- // or a full queue. Then more hooks could be sent at same time.
- func DeliverHooks(ctx context.Context) {
- select {
- case <-ctx.Done():
- return
- default:
- }
- tasks, err := webhook_model.FindUndeliveredHookTasks()
- if err != nil {
- log.Error("DeliverHooks: %v", err)
- return
- }
-
- // Update hook task status.
- for _, t := range tasks {
- select {
- case <-ctx.Done():
- return
- default:
- }
- if err = Deliver(t); err != nil {
- log.Error("deliver: %v", err)
- }
- }
-
- // Start listening on new hook requests.
- for {
- select {
- case <-ctx.Done():
- hookQueue.Close()
- return
- case repoIDStr := <-hookQueue.Queue():
- log.Trace("DeliverHooks [repo_id: %v]", repoIDStr)
- hookQueue.Remove(repoIDStr)
-
- repoID, err := strconv.ParseInt(repoIDStr, 10, 64)
- if err != nil {
- log.Error("Invalid repo ID: %s", repoIDStr)
- continue
- }
-
- tasks, err := webhook_model.FindRepoUndeliveredHookTasks(repoID)
- if err != nil {
- log.Error("Get repository [%d] hook tasks: %v", repoID, err)
- continue
- }
- for _, t := range tasks {
- select {
- case <-ctx.Done():
- return
- default:
- }
- if err = Deliver(t); err != nil {
- log.Error("deliver: %v", err)
- }
- }
- }
- }
-
- }
-
- var (
- webhookHTTPClient *http.Client
- once sync.Once
- hostMatchers []glob.Glob
- )
-
- func webhookProxy() func(req *http.Request) (*url.URL, error) {
- if setting.Webhook.ProxyURL == "" {
- return proxy.Proxy()
- }
-
- once.Do(func() {
- for _, h := range setting.Webhook.ProxyHosts {
- if g, err := glob.Compile(h); err == nil {
- hostMatchers = append(hostMatchers, g)
- } else {
- log.Error("glob.Compile %s failed: %v", h, err)
- }
- }
- })
-
- return func(req *http.Request) (*url.URL, error) {
- for _, v := range hostMatchers {
- if v.Match(req.URL.Host) {
- return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req)
- }
- }
- return http.ProxyFromEnvironment(req)
- }
- }
-
- // InitDeliverHooks starts the hooks delivery thread
- func InitDeliverHooks() {
- timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second
-
- allowedHostListValue := setting.Webhook.AllowedHostList
- if allowedHostListValue == "" {
- allowedHostListValue = hostmatcher.MatchBuiltinExternal
- }
- allowedHostMatcher := hostmatcher.ParseHostMatchList("webhook.ALLOWED_HOST_LIST", allowedHostListValue)
-
- webhookHTTPClient = &http.Client{
- Timeout: timeout,
- Transport: &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
- Proxy: webhookProxy(),
- DialContext: hostmatcher.NewDialContext("webhook", allowedHostMatcher, nil),
- },
- }
-
- go graceful.GetManager().RunWithShutdownContext(DeliverHooks)
- }
|