1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
from .base import WebhookRequestParserBase
class GitHubRequestParser(WebhookRequestParserBase):
def get_matching_projects(self, request_headers, request_body, action):
import json
data = json.loads(request_body)
repo_urls = []
github_event = 'x-github-event' in request_headers and request_headers['x-github-event']
action.log_info("Received '%s' event from GitHub" % github_event)
if 'repository' not in data:
action.log_error("Unable to recognize data format")
return []
# One repository may posses multiple URLs for different protocols
for k in ['url', 'git_url', 'clone_url', 'ssh_url']:
if k in data['repository']:
repo_urls.append(data['repository'][k])
# Get a list of configured repositories that matches the incoming web hook reqeust
repo_configs = self.get_matching_repo_configs(repo_urls, action)
return repo_configs
def validate_request(self, request_headers, repo_configs, action):
for repo_config in repo_configs:
# Validate secret token if present
if 'secret-token' in repo_config and 'x-hub-signature' in request_headers:
if not self.verify_signature(repo_config['secret-token'], request_body, request_headers['x-hub-signature']):
action.log_info("Request signature does not match the 'secret-token' configured for repository %s." % repo_config['url'])
return False
return True
def verify_signature(self, token, body, signature):
import hashlib
import hmac
result = "sha1=" + hmac.new(str(token), body, hashlib.sha1).hexdigest()
return result == signature
|
