mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33490 Commits
59 Branches
Tree: a7431823ca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a7431823ca'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/main/java/org/sonar/server/webhook/ws/CreateAction.java

CreateAction.java 7.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2023 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.webhook.ws;

  21. 

  22. import javax.annotation.Nullable;

  23. import org.sonar.api.server.ws.Request;

  24. import org.sonar.api.server.ws.Response;

  25. import org.sonar.api.server.ws.WebService;

  26. import org.sonar.core.util.UuidFactory;

  27. import org.sonar.db.DbClient;

  28. import org.sonar.db.DbSession;

  29. import org.sonar.db.project.ProjectDto;

  30. import org.sonar.db.webhook.WebhookDto;

  31. import org.sonar.server.component.ComponentFinder;

  32. import org.sonar.server.user.UserSession;

  33. 

  34. import static java.lang.String.format;

  35. import static org.apache.commons.lang.StringUtils.isNotBlank;

  36. import static org.sonar.server.webhook.ws.WebhooksWsParameters.ACTION_CREATE;

  37. import static org.sonar.server.webhook.ws.WebhooksWsParameters.NAME_PARAM;

  38. import static org.sonar.server.webhook.ws.WebhooksWsParameters.NAME_PARAM_MAXIMUM_LENGTH;

  39. import static org.sonar.server.webhook.ws.WebhooksWsParameters.PROJECT_KEY_PARAM;

  40. import static org.sonar.server.webhook.ws.WebhooksWsParameters.PROJECT_KEY_PARAM_MAXIMUM_LENGTH;

  41. import static org.sonar.server.webhook.ws.WebhooksWsParameters.SECRET_PARAM;

  42. import static org.sonar.server.webhook.ws.WebhooksWsParameters.SECRET_PARAM_MAXIMUM_LENGTH;

  43. import static org.sonar.server.webhook.ws.WebhooksWsParameters.URL_PARAM;

  44. import static org.sonar.server.webhook.ws.WebhooksWsParameters.URL_PARAM_MAXIMUM_LENGTH;

  45. import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;

  46. import static org.sonar.server.ws.KeyExamples.NAME_WEBHOOK_EXAMPLE_001;

  47. import static org.sonar.server.ws.KeyExamples.URL_WEBHOOK_EXAMPLE_001;

  48. import static org.sonar.server.ws.WsUtils.writeProtobuf;

  49. import static org.sonarqube.ws.Webhooks.CreateWsResponse.Webhook;

  50. import static org.sonarqube.ws.Webhooks.CreateWsResponse.newBuilder;

  51. 

  52. public class CreateAction implements WebhooksWsAction {

  53. 

  54.   private static final int MAX_NUMBER_OF_WEBHOOKS = 10;

  55. 

  56.   private final DbClient dbClient;

  57.   private final UserSession userSession;

  58.   private final UuidFactory uuidFactory;

  59.   private final WebhookSupport webhookSupport;

  60.   private final ComponentFinder componentFinder;

  61. 

  62.   public CreateAction(DbClient dbClient, UserSession userSession, UuidFactory uuidFactory, WebhookSupport webhookSupport, ComponentFinder componentFinder) {

  63.     this.dbClient = dbClient;

  64.     this.userSession = userSession;

  65.     this.uuidFactory = uuidFactory;

  66.     this.webhookSupport = webhookSupport;

  67.     this.componentFinder = componentFinder;

  68.   }

  69. 

  70.   @Override

  71.   public void define(WebService.NewController controller) {

  72.     WebService.NewAction action = controller.createAction(ACTION_CREATE)

  73.       .setPost(true)

  74.       .setDescription("Create a Webhook.<br>" +

  75.         "Requires 'Administer' permission on the specified project, or global 'Administer' permission.")

  76.       .setSince("7.1")

  77.       .setResponseExample(getClass().getResource("example-webhook-create.json"))

  78.       .setHandler(this);

  79. 

  80.     action.createParam(NAME_PARAM)

  81.       .setRequired(true)

  82.       .setMaximumLength(NAME_PARAM_MAXIMUM_LENGTH)

  83.       .setDescription("Name displayed in the administration console of webhooks")

  84.       .setExampleValue(NAME_WEBHOOK_EXAMPLE_001);

  85. 

  86.     action.createParam(URL_PARAM)

  87.       .setRequired(true)

  88.       .setMaximumLength(URL_PARAM_MAXIMUM_LENGTH)

  89.       .setDescription("Server endpoint that will receive the webhook payload, for example 'http://my_server/foo'." +

  90.         " If HTTP Basic authentication is used, HTTPS is recommended to avoid man in the middle attacks." +

  91.         " Example: 'https://myLogin:myPassword@my_server/foo'")

  92.       .setExampleValue(URL_WEBHOOK_EXAMPLE_001);

  93. 

  94.     action.createParam(PROJECT_KEY_PARAM)

  95.       .setRequired(false)

  96.       .setMaximumLength(PROJECT_KEY_PARAM_MAXIMUM_LENGTH)

  97.       .setDescription("The key of the project that will own the webhook")

  98.       .setExampleValue(KEY_PROJECT_EXAMPLE_001);

  99. 

  100.     action.createParam(SECRET_PARAM)

  101.       .setRequired(false)

  102.       .setMinimumLength(1)

  103.       .setMaximumLength(SECRET_PARAM_MAXIMUM_LENGTH)

  104.       .setDescription("If provided, secret will be used as the key to generate the HMAC hex (lowercase) digest value in the 'X-Sonar-Webhook-HMAC-SHA256' header")

  105.       .setExampleValue("your_secret")

  106.       .setSince("7.8");

  107.   }

  108. 

  109.   @Override

  110.   public void handle(Request request, Response response) throws Exception {

  111.     userSession.checkLoggedIn();

  112. 

  113.     String name = request.mandatoryParam(NAME_PARAM);

  114.     String url = request.mandatoryParam(URL_PARAM);

  115.     String projectKey = request.param(PROJECT_KEY_PARAM);

  116.     String secret = request.param(SECRET_PARAM);

  117. 

  118.     try (DbSession dbSession = dbClient.openSession(false)) {

  119.       ProjectDto projectDto = null;

  120.       if (isNotBlank(projectKey)) {

  121.         projectDto = componentFinder.getProjectByKey(dbSession, projectKey);

  122.         webhookSupport.checkPermission(projectDto);

  123.       } else {

  124.         webhookSupport.checkPermission();

  125.       }

  126. 

  127.       webhookSupport.checkUrlPattern(url, "Url parameter with value '%s' is not a valid url", url);

  128.       WebhookDto dto = doHandle(dbSession, projectDto, name, url, secret);

  129.       String projectName = projectDto == null ? null : projectDto.getName();

  130.       dbClient.webhookDao().insert(dbSession, dto, projectKey, projectName);

  131.       dbSession.commit();

  132.       writeResponse(request, response, dto);

  133.     }

  134. 

  135.   }

  136. 

  137.   private WebhookDto doHandle(DbSession dbSession, @Nullable ProjectDto project, String name, String url, @Nullable String secret) {

  138.     WebhookDto dto = new WebhookDto()

  139.       .setUuid(uuidFactory.create())

  140.       .setName(name)

  141.       .setUrl(url)

  142.       .setSecret(secret);

  143. 

  144.     if (project != null) {

  145.       checkNumberOfWebhook(numberOfWebhookOf(dbSession, project), project.getKey());

  146.       dto.setProjectUuid(project.getUuid());

  147.     } else {

  148.       checkNumberOfGlobalWebhooks(dbSession);

  149.     }

  150. 

  151.     return dto;

  152.   }

  153. 

  154.   private static void writeResponse(Request request, Response response, WebhookDto dto) {

  155.     Webhook.Builder webhookBuilder = Webhook.newBuilder();

  156.     webhookBuilder

  157.       .setKey(dto.getUuid())

  158.       .setName(dto.getName())

  159.       .setUrl(dto.getUrl())

  160.       .setHasSecret(dto.getSecret() != null);

  161.     writeProtobuf(newBuilder().setWebhook(webhookBuilder).build(), request, response);

  162.   }

  163. 

  164.   private static void checkNumberOfWebhook(int nbOfWebhooks, String projectKey) {

  165.     if (nbOfWebhooks >= MAX_NUMBER_OF_WEBHOOKS) {

  166.       throw new IllegalArgumentException(format("Maximum number of webhook reached for project '%s'", projectKey));

  167.     }

  168.   }

  169. 

  170.   private int numberOfWebhookOf(DbSession dbSession, ProjectDto projectDto) {

  171.     return dbClient.webhookDao().selectByProject(dbSession, projectDto).size();

  172.   }

  173. 

  174.   private void checkNumberOfGlobalWebhooks(DbSession dbSession) {

  175.     int globalWebhooksCount = dbClient.webhookDao().selectGlobalWebhooks(dbSession).size();

  176.     if (globalWebhooksCount >= MAX_NUMBER_OF_WEBHOOKS) {

  177.       throw new IllegalArgumentException("Maximum number of global webhooks reached");

  178.     }

  179.   }

  180. }