From e96253d542530d5186bea3d56a37300bfd92c05c Mon Sep 17 00:00:00 2001 From: Jimmy Date: Sun, 1 Aug 2021 13:04:41 +1200 Subject: [PATCH] Switch to fastapi --- app/auth.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ app/main.py | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 app/auth.py create mode 100755 app/main.py diff --git a/app/auth.py b/app/auth.py new file mode 100644 index 0000000..dbf6b46 --- /dev/null +++ b/app/auth.py @@ -0,0 +1,50 @@ +import os +import hmac +from fastapi import Request +from fastapi.exceptions import HTTPException +from fastapi.param_functions import Header +from dotenv import load_dotenv + +load_dotenv() + +async def check_ref(request: Request): + json = await request.json() + if json["ref"] and json["ref"] == f"refs/heads/{os.environ.get('BRANCH')}": + return + raise HTTPException(status_code=403, detail="Invalid branch") + +async def auth_hook(request: Request): + try: + json = await request.json() + text = await request.body() + except: + raise HTTPException(status_code=204, detail="Missing or bad content") + header_signature = request.headers.get('X-Hub-Signature') + + if not header_signature: + raise HTTPException(status_code=400, detail="Missing signature") + + # separate the signature from the sha1 indication + sha_name, signature = header_signature.split('=') + if sha_name != 'sha1': + raise HTTPException(status_code=400, detail="Invalid signature") + + secret_key = os.environ.get('WEBHOOK_SECRET') + if secret_key is None: + raise HTTPException(status_code=503, detail="Missing WEBHOOK_SECRET") + + # create a new hmac with the secret key and the request data + mac = hmac.new(secret_key.encode(), msg=text, digestmod='sha1') + + # verify the digest matches the signature + if not hmac.compare_digest(mac.hexdigest(), signature): + raise HTTPException(status_code=403, detail="Unauthorized") + +async def auth_web(request: Request): + token = request._query_params.get("token") + if token is None: + raise HTTPException(status_code=400, detail="Missing token") + print(token, os.environ.get("TOKEN")) + if token == os.environ.get("TOKEN"): + return + raise HTTPException(status_code=403, detail="Invalid token") \ No newline at end of file diff --git a/app/main.py b/app/main.py new file mode 100755 index 0000000..99b4ce8 --- /dev/null +++ b/app/main.py @@ -0,0 +1,34 @@ +from os import environ +import os +from fastapi import FastAPI, Body, Request, Depends +import json +from fastapi.exceptions import HTTPException + +from fastapi.param_functions import Header +from fastapi_responses import custom_openapi +from app.auth import auth_hook, auth_web, check_ref +from app.pack import Pack + + +if not os.environ.get("DOCKER"): + from dotenv import load_dotenv + load_dotenv + +app = FastAPI() + +app.openapi = custom_openapi(app) + +pack = Pack() +pack.clone() + +@app.get("/", dependencies=[Depends(auth_web)]) +@app.post("/", dependencies=[Depends(auth_hook), Depends(check_ref)]) +async def hook(req: Request): + pack.pull() + pack.collate() + pack.compress() + pack.hash() + pack.upload() + return "Update" + +