gitautodeploy/parsers/github.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

from common import WebhookRequestParser

class GitHubRequestParser(WebhookRequestParser):

    def get_repo_params_from_request(self, request_headers, request_body):
        import json
        import logging

        logger = logging.getLogger()
        data = json.loads(request_body)

        repo_urls = []
        ref = ""
        action = ""

        github_event = 'x-github-event' in request_headers and request_headers['x-github-event']

        logger.debug("Received '%s' event from GitHub" % github_event)

        if 'repository' not in data:
            logger.error("Unable to recognize data format")
            return [], ref or "master", action

        # One repository may posses multiple URLs for different protocols
        for k in ['url', 'git_url', 'clone_url', 'ssh_url']:
            if k in data['repository']:
                repo_urls.append(data['repository'][k])

        if 'pull_request' in data:
            if 'base' in data['pull_request']:
                if 'ref' in data['pull_request']['base']:
                    ref = data['pull_request']['base']['ref']
                    logger.debug("Pull request to branch '%s' was fired" % ref)
        elif 'ref' in data:
            ref = data['ref']
            logger.debug("Push to branch '%s' was fired" % ref)

        if 'action' in data:
            action = data['action']
            logger.debug("Action '%s' was fired" % action)

        # Get a list of configured repositories that matches the incoming web hook reqeust
        repo_configs = self.get_matching_repo_configs(repo_urls)

        return repo_configs, ref or "master", action, repo_urls

    def validate_request(self, request_headers, repo_configs):
        import logging

        logger = logging.getLogger()

        for repo_config in repo_configs:

            # Validate secret token if present
            if 'secret-token' in repo_config and 'x-hub-signature' in request_headers:
                if not self.verify_signature(repo_config['secret-token'], request_body, request_headers['x-hub-signature']):
                    logger.info("Request signature does not match the 'secret-token' configured for repository %s." % repo_config['url'])
                    return False

        return True

    def verify_signature(self, token, body, signature):
        import hashlib
        import hmac

        result = "sha1=" + hmac.new(str(token), body, hashlib.sha1).hexdigest()
        return result == signature