add Gogs compatibility

2024-11-18 03:04:23 +00:00 · 2018-05-11 13:26:17 -07:00 · 2018-05-11 13:26:17 -07:00 · 6158011da9
commit 6158011da9
parent a561edd7a2
1 changed files with 25 additions and 20 deletions
--- a/githook.moon
+++ b/githook.moon
@ -2,9 +2,9 @@ lapis = require "lapis"
 config = require("lapis.config").get!

 import respond_to, json_params from require "lapis.application"
-import hmac_sha1 from require "lapis.util.encoding"
-import GithookLogs from require "models"
+import hmac_sha1, hmac_sha256 from require "lapis.util.encoding"
 import encode from require "cjson"
+import GithookLogs from require "models"
 import locate, autoload, registry from require "locator"
 import settings from autoload "utility"
 import execute from locate "utility.shell"
@ -93,8 +93,17 @@ unauthorized = ->
    message: "invalid credentials or no credentials were sent"
  }

+invalid = (reason) ->
+  return status: 400, json: {
+    status: "invalid request"
+    message: reason
+  }
+
 class extends lapis.Application
  [githook: "/githook"]: respond_to {
+    before: =>
+      @branch = config.githook_branch or settings["githook.branch"] or "master"
+
    GET: =>
      unless settings["githook.allow_get"]
        return status: 405, json: {
@ -105,37 +114,33 @@ class extends lapis.Application
      unless settings["githook.run_without_auth"]
        return unauthorized!

-      branch = config.githook_branch or settings["githook.branch"] or "master"
-      @results = run_update branch
+      @results = run_update(@branch)
      return render: locate "views.githook_get"

    POST: json_params =>
-      branch = config.githook_branch or settings["githook.branch"] or "master"
      if config.githook_secret
        ngx.req.read_body!
        if body = ngx.req.get_body_data!
-          authorized = const_compare "sha1=#{hex_dump hmac_sha1 config.githook_secret, body}", @req.headers["X-Hub-Signature"]
+          local authorized
+          if github_hash = @req.headers["X-Hub-Signature"]
+            authorized = const_compare "sha1=#{hex_dump hmac_sha1 config.githook_secret, body}", github_hash
+          elseif gogs_hash = @req.headers["X-Gogs-Signature"]
+            authorized = const_compare gogs_hash, hex_dump hmac_sha256 config.githook_secret, body
          unless authorized
            return unauthorized!
-          if @params.ref == "refs/heads/#{branch}"
-            return run_update branch
+          if @params.ref == "refs/heads/#{@branch}"
+            return run_update(@branch)
          elseif @params.ref == nil
-            return status: 400, json: {
-              status: "invalid request"
-              message: "'ref' not defined in request body"
-            }
+            return invalid "'ref' not defined in request body"
          else
-            return ignored branch
+            return ignored(@branch)
        else
-          return status: 400, json: {
-            status: "invalid request"
-            message: "no request body"
-          }
+          return invalid "no request body"
      elseif settings["githook.run_without_auth"]
-        if @params.ref == "refs/heads/#{branch}"
-          return run_update branch
+        if @params.ref == "refs/heads/#{@branch}"
+          return run_update(@branch)
        else
-          return ignored branch
+          return ignored(@branch)
      else
        return unauthorized!
    }