From d77b8ba67be5d4955cfaeb141197a1ab0ab86963 Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 20 Jul 2023 14:58:21 -0300 Subject: [PATCH 01/29] feat: created job to make git pull #12980 --- app/jobs/git_pull_job.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 app/jobs/git_pull_job.rb diff --git a/app/jobs/git_pull_job.rb b/app/jobs/git_pull_job.rb new file mode 100644 index 00000000..0c9ef237 --- /dev/null +++ b/app/jobs/git_pull_job.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +# Permite traer los cambios cada vez que se +# hace un push al repositorio +class GitPullJob < ApplicationJob + # @param :site [Site] + # @return [nil] + def perform(site) + # hace un fetch para ver cambios + site.repository.fetch + + # hace un merge + site.repository.merge(site.usuarie) + site.repository.git_sh("git lfs fetch") + + end + end \ No newline at end of file From 3e12bfbe9ec950ec4dfd639717664742bc0491b6 Mon Sep 17 00:00:00 2001 From: jazzari Date: Fri, 21 Jul 2023 17:12:26 -0300 Subject: [PATCH 02/29] fix: add git lfs fetch to repository#fetch method #12980 --- app/jobs/git_pull_job.rb | 12 ++++-------- app/models/site/repository.rb | 6 +++++- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/app/jobs/git_pull_job.rb b/app/jobs/git_pull_job.rb index 0c9ef237..de263403 100644 --- a/app/jobs/git_pull_job.rb +++ b/app/jobs/git_pull_job.rb @@ -4,14 +4,10 @@ # hace un push al repositorio class GitPullJob < ApplicationJob # @param :site [Site] + # @param :usuarie [Usuarie] # @return [nil] - def perform(site) - # hace un fetch para ver cambios + def perform(site, usuarie) site.repository.fetch - - # hace un merge - site.repository.merge(site.usuarie) - site.repository.git_sh("git lfs fetch") - + site.repository.merge(usuarie) end - end \ No newline at end of file +end \ No newline at end of file diff --git a/app/models/site/repository.rb b/app/models/site/repository.rb index 62e4c45e..d2832091 100644 
--- a/app/models/site/repository.rb +++ b/app/models/site/repository.rb @@ -45,7 +45,9 @@ class Site # @return [Integer] def fetch if origin.check_connection(:fetch, credentials: credentials) - rugged.fetch(origin, credentials: credentials)[:received_objects] + rugged.fetch(origin, credentials: credentials)[:received_objects].tap do |objects| + git_sh("git", "lfs", "fetch", "origin", default_branch) if objects&.positive? + end else 0 end @@ -75,6 +77,8 @@ class Site # Forzamos el checkout para mover el HEAD al último commit y # escribir los cambios rugged.checkout 'HEAD', strategy: :force + # reemplaza los pointers por los archivos correspondientes + git_sh("git", "lfs", "checkout") commit end From b7e93cd8c8e8a9cbccc40d865571e21ecf0abfc3 Mon Sep 17 00:00:00 2001 From: jazzari Date: Wed, 26 Jul 2023 14:44:11 -0300 Subject: [PATCH 03/29] feat: controlador para gestionar los webhooks #13903 --- app/controllers/api/v1/webhooks_controller.rb | 17 +++++++++++++++++ app/models/site/repository.rb | 4 ++-- config/locales/en.yml | 3 +++ config/locales/es.yml | 3 +++ config/routes.rb | 2 ++ 5 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 app/controllers/api/v1/webhooks_controller.rb diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb new file mode 100644 index 00000000..4811d792 --- /dev/null +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +module Api + module V1 + # Recibe webhooks y lanza jobs + class WebhooksController < BaseController + def pull + # encontrar el sitio + site = Site.find_by_name(params[:site_id]) + usuarie = GitAuthor.new email: "webhook@#{Site.domain}", name: 'Webhook' + message = I18n.t('webhooks.pull.message') + + GitPullJob.perform_later(site, usuarie, message) + end + end + end +end \ No newline at end of file diff --git a/app/models/site/repository.rb b/app/models/site/repository.rb index 404cde3e..a3487bc5 100644 
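Review bot: `pull` in the new `WebhooksController` enqueues `GitPullJob` for whatever site `params[:site_id]` names without checking a secret or signature, so unless `BaseController` (not shown here) authenticates the request, any client that can reach `POST webhooks/pull` can make the server fetch and merge on demand. The request should be tied to a per-site secret before the job is enqueued, for example a shared token or an HMAC over the body compared in constant time. `Site.find_by_name` also returns `nil` for an unknown name and that `nil` is handed to the job; `Site.find_by_name!(params[:site_id])` would stop there instead. The locale strings are added under `webhooks_controller:` while the controller asks for `webhooks.pull.message`, so the merge commit message may end up as a missing-translation string.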
--- a/app/models/site/repository.rb +++ b/app/models/site/repository.rb @@ -56,7 +56,7 @@ class Site # Incorpora los cambios en el repositorio actual # # @return [Rugged::Commit] - def merge(usuarie) + def merge(usuarie, message) merge = rugged.merge_commits(head_commit, remote_head_commit) # No hacemos nada si hay conflictos, pero notificarnos @@ -71,7 +71,7 @@ class Site .create(rugged, update_ref: 'HEAD', parents: [head_commit, remote_head_commit], tree: merge.write_tree(rugged), - message: I18n.t('sites.fetch.merge.message'), + message: message, author: author(usuarie), committer: committer) # Forzamos el checkout para mover el HEAD al último commit y diff --git a/config/locales/en.yml b/config/locales/en.yml index 5f97a8b9..05fcf1e5 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -466,6 +466,9 @@ en: success: 'Site upgrade has been completed. Your next build will run this upgrade :)' error: "There was an error when trying to upgrade your site. This could be due to conflicts that couldn't be solved automatically. A report of the issue has already been sent to our admins. Sorry for the inconvenience! :(" message: 'Skeleton upgrade' + webhooks_controller: + pull: + message: 'Webhooks upgrade' footer: powered_by: 'is developed by' i18n: diff --git a/config/locales/es.yml b/config/locales/es.yml index 9e0b8945..af5a7db7 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -474,6 +474,9 @@ es: success: 'Ya se incorporaron los cambios en el sitio, se aplicarán en la próxima compilación que hagas :)' error: 'Hubo un error al incorporar los cambios en el sitio. Esto puede deberse a conflictos entre cambios que no se pueden resolver automáticamente. Hemos enviado un reporte del problema a les administradores de Sutty para que estén al tanto de la situación. ¡Lo sentimos! :(' message: 'Actualización del esqueleto' + webhooks_controller: + pull: + message: 'Actualización desde Webhooks' footer: powered_by: 'es desarrollada por' i18n: 
diff --git a/config/routes.rb b/config/routes.rb index 3828915c..f2487066 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -17,6 +17,8 @@ Rails.application.routes.draw do get :'contact/cookie', to: 'invitades#contact_cookie' post :'contact/:form', to: 'contact#receive', as: :contact + + post :'webhooks/pull', to: 'webhooks#pull' end end end From 8947942cb9066f2775faf4b0864e2874a1c39907 Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 27 Jul 2023 16:46:32 -0300 Subject: [PATCH 04/29] fix: commit message fixed #13903 --- app/controllers/api/v1/webhooks_controller.rb | 9 ++++++--- app/jobs/git_pull_job.rb | 4 ++-- app/models/site/repository.rb | 2 +- config/locales/en.yml | 2 +- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 4811d792..40187915 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -4,11 +4,14 @@ module Api module V1 # Recibe webhooks y lanza jobs class WebhooksController < BaseController + # Trae los cambios a partir de un post de Webhooks: + # (Gitlab, Github, Guitea, etc) def pull - # encontrar el sitio - site = Site.find_by_name(params[:site_id]) + site = Site.find_by_name!(params[:site_id]) usuarie = GitAuthor.new email: "webhook@#{Site.domain}", name: 'Webhook' - message = I18n.t('webhooks.pull.message') + message = I18n.with_locale(site.default_locale) do + I18n.t('webhooks.pull.message') + end GitPullJob.perform_later(site, usuarie, message) end diff --git a/app/jobs/git_pull_job.rb b/app/jobs/git_pull_job.rb index de263403..5cd86981 100644 --- a/app/jobs/git_pull_job.rb +++ b/app/jobs/git_pull_job.rb 
@@ -6,8 +6,8 @@ class GitPullJob < ApplicationJob # @param :site [Site] # @param :usuarie [Usuarie] # @return [nil] - def perform(site, usuarie) + def perform(site, usuarie, message) site.repository.fetch - site.repository.merge(usuarie) + site.repository.merge(usuarie, message) if site.repository.fetch&.positive? end end \ No newline at end of file diff --git a/app/models/site/repository.rb b/app/models/site/repository.rb index a3487bc5..a864e8b9 100644 --- a/app/models/site/repository.rb +++ b/app/models/site/repository.rb @@ -56,7 +56,7 @@ class Site # Incorpora los cambios en el repositorio actual # # @return [Rugged::Commit] - def merge(usuarie, message) + def merge(usuarie, message= I18n.t('sites.fetch.merge.message')) merge = rugged.merge_commits(head_commit, remote_head_commit) # No hacemos nada si hay conflictos, pero notificarnos diff --git a/config/locales/en.yml b/config/locales/en.yml index 05fcf1e5..8ae8cce5 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -468,7 +468,7 @@ en: message: 'Skeleton upgrade' webhooks_controller: pull: - message: 'Webhooks upgrade' + message: 'Webhooks pull' footer: powered_by: 'is developed by' i18n: From 9f5364a738825e7dc17b8482ecdd882f069d1ba4 Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 27 Jul 2023 17:02:48 -0300 Subject: [PATCH 05/29] fix: add documentation to pull job #13903 --- app/jobs/git_pull_job.rb | 2 +- app/models/site/repository.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/jobs/git_pull_job.rb b/app/jobs/git_pull_job.rb index 5cd86981..a0c15950 100644 --- a/app/jobs/git_pull_job.rb +++ b/app/jobs/git_pull_job.rb @@ -5,9 +5,9 @@ class GitPullJob < ApplicationJob # @param :site [Site] # @param :usuarie [Usuarie] + # @param :message [String] # @return [nil] def perform(site, usuarie, message) - site.repository.fetch site.repository.merge(usuarie, message) if site.repository.fetch&.positive? end end \ No newline at end of file 
diff --git a/app/models/site/repository.rb b/app/models/site/repository.rb index a864e8b9..c0607d84 100644 --- a/app/models/site/repository.rb +++ b/app/models/site/repository.rb @@ -56,7 +56,7 @@ class Site # Incorpora los cambios en el repositorio actual # # @return [Rugged::Commit] - def merge(usuarie, message= I18n.t('sites.fetch.merge.message')) + def merge(usuarie, message = I18n.t('sites.fetch.merge.message')) merge = rugged.merge_commits(head_commit, remote_head_commit) # No hacemos nada si hay conflictos, pero notificarnos From 9f94ee3bc704dfe9a7787ce6be0b8015a2fcb676 Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 27 Jul 2023 17:23:40 -0300 Subject: [PATCH 06/29] fix: add response status to pull method #13903 --- app/controllers/api/v1/webhooks_controller.rb | 2 ++ config/locales/es.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 40187915..a538d99f 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -14,6 +14,8 @@ module Api end GitPullJob.perform_later(site, usuarie, message) + + head :ok end end end diff --git a/config/locales/es.yml b/config/locales/es.yml index af5a7db7..b03a222f 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -476,7 +476,7 @@ es: message: 'Actualización del esqueleto' webhooks_controller: pull: - message: 'Actualización desde Webhooks' + message: 'Pull de webhooks' footer: powered_by: 'es desarrollada por' i18n: From 06ebb63d9389c260e547c73487eb89c108dacb0b Mon Sep 17 00:00:00 2001 
From: jazzari Date: Mon, 31 Jul 2023 14:18:07 -0300 Subject: [PATCH 07/29] =?UTF-8?q?fix:=20movido=20git=20lfs=20a=20m=C3=A9to?= =?UTF-8?q?do=20merge=20en=20repository.rb=20#13903?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/jobs/git_pull_job.rb | 4 ++-- app/models/site/repository.rb | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/jobs/git_pull_job.rb b/app/jobs/git_pull_job.rb index a0c15950..dc4a285c 100644 --- a/app/jobs/git_pull_job.rb +++ b/app/jobs/git_pull_job.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true -# Permite traer los cambios cada vez que se -# hace un push al repositorio +# Permite traer los cambios desde webhooks + class GitPullJob < ApplicationJob # @param :site [Site] # @param :usuarie [Usuarie] diff --git a/app/models/site/repository.rb b/app/models/site/repository.rb index c0607d84..9c4d873f 100644 --- a/app/models/site/repository.rb +++ b/app/models/site/repository.rb @@ -45,9 +45,7 @@ class Site # @return [Integer] def fetch if origin.check_connection(:fetch, credentials: credentials) - rugged.fetch(origin, credentials: credentials)[:received_objects].tap do |objects| - git_sh("git", "lfs", "fetch", "origin", default_branch) if objects&.positive? - end + rugged.fetch(origin, credentials: credentials)[:received_objects] else 0 end @@ -77,6 +75,8 @@ class Site # Forzamos el checkout para mover el HEAD al último commit y # escribir los cambios rugged.checkout 'HEAD', strategy: :force + + git_sh("git", "lfs", "fetch", "origin", default_branch) # reemplaza los pointers por los archivos correspondientes git_sh("git", "lfs", "checkout") commit From 579e1776842774733c036b6b621ccf087b2b06cc Mon Sep 17 00:00:00 2001 
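Review bot: In `merge`, the two `git_sh` calls that fetch and check out the LFS objects run after the forced checkout and their results are never looked at, so a failed LFS download would leave pointer files in the working tree while `merge` still returns the commit. `git_sh` is defined outside this hunk, so I cannot tell whether it raises on a non-zero exit; if it returns a status, check it and report the failure, e.g. `raise 'git lfs fetch failed' unless git_sh('git', 'lfs', 'fetch', 'origin', default_branch)`. A short comment above the first call, matching the one on the second (`# trae los objetos LFS del remoto`), would also explain why the fetch moved here from `fetch`. The body of `merge` starts before and ends after the hunk.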
From: jazzari Date: Mon, 31 Jul 2023 17:32:14 -0300 Subject: [PATCH 08/29] feat: agregada columna token a model rol #13903 --- app/models/rol.rb | 10 ++++++++++ db/migrate/20230731195050_add_token_to_roles.rb | 5 +++++ db/migrate/20230731202003_change_token_name.rb | 5 +++++ 3 files changed, 20 insertions(+) create mode 100644 db/migrate/20230731195050_add_token_to_roles.rb create mode 100644 db/migrate/20230731202003_change_token_name.rb diff --git a/app/models/rol.rb b/app/models/rol.rb index fcd07037..f17bf418 100644 --- a/app/models/rol.rb +++ b/app/models/rol.rb @@ -14,6 +14,9 @@ class Rol < ApplicationRecord validates_inclusion_of :rol, in: ROLES + encrypts :token + before_save :add_token_if_missing! + def invitade? rol == INVITADE end @@ -25,4 +28,11 @@ class Rol < ApplicationRecord def self.role?(rol) ROLES.include? rol end + + private + + # Asegurarse que tenga un token + def add_token_if_missing! + self.token ||= SecureRandom.hex(64) + end end diff --git a/db/migrate/20230731195050_add_token_to_roles.rb b/db/migrate/20230731195050_add_token_to_roles.rb new file mode 100644 index 00000000..635e065c --- /dev/null +++ b/db/migrate/20230731195050_add_token_to_roles.rb @@ -0,0 +1,5 @@ +class AddTokenToRoles < ActiveRecord::Migration[6.1] + def change + add_column :roles, :token, :text + end +end diff --git a/db/migrate/20230731202003_change_token_name.rb b/db/migrate/20230731202003_change_token_name.rb new file mode 100644 index 00000000..50fc0c40 --- /dev/null +++ b/db/migrate/20230731202003_change_token_name.rb @@ -0,0 +1,5 @@ +class ChangeTokenName < ActiveRecord::Migration[6.1] + def change + rename_column :roles, :token, :token_cyphertext + end +end From c19c834f10962e3c58d2b08418ee7790430318c9 Mon Sep 17 00:00:00 2001 
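Review bot: The second migration renames the column to `token_cyphertext` while the model declares `encrypts :token`; if `encrypts` comes from Lockbox it expects a column named `token_ciphertext`, so the encrypted attribute would not find its storage. It is worth confirming which library provides `encrypts` in this app (the migrations target 6.1) and creating the column under the name it expects in a single migration, e.g. `add_column :roles, :token_ciphertext, :text`. Separately, `self.token ||= SecureRandom.hex(64)` leaves an empty-string token in place; `self.token = SecureRandom.hex(64) if token.blank?` covers that case. The `Rol` class body continues outside both hunks.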
From: jazzari Date: Mon, 31 Jul 2023 18:46:07 -0300 Subject: [PATCH 09/29] =?UTF-8?q?fix:=20cambio=20nombre=20comuna=20token?= =?UTF-8?q?=5Fcyphertext=20en=20modelo=20rol=20y=20asignaci=C3=B3n=20retro?= =?UTF-8?q?activa=20#13903?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- db/migrate/20230731202003_change_token_name.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/migrate/20230731202003_change_token_name.rb b/db/migrate/20230731202003_change_token_name.rb index 50fc0c40..c3fce3c0 100644 --- a/db/migrate/20230731202003_change_token_name.rb +++ b/db/migrate/20230731202003_change_token_name.rb @@ -1,5 +1,6 @@ class ChangeTokenName < ActiveRecord::Migration[6.1] def change rename_column :roles, :token, :token_cyphertext + Rol.find_each { |m| m.update_column( :token_cyphertext, SecureRandom.hex(64) ) } end end From 705d15c0c1959d3e50b2f8646830a15372c4797e Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 10 Aug 2023 16:05:14 -0300 Subject: [PATCH 10/29] fix: change token attribute from encrypted to normal in Rol model #13903 --- app/controllers/api/v1/webhooks_controller.rb | 22 ++++++++++++++----- app/models/rol.rb | 1 - 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index a538d99f..1933f24e 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
@@ -2,19 +2,31 @@ module Api module V1 - # Recibe webhooks y lanza jobs + # Recibe webhooks y lanza un PullJob class WebhooksController < BaseController + rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer + + def site + @site ||= Site.find_by_name!(params[:site_id]) + end + + # valida la plataforma del webhook + def usuarie + # Gitlab + token = request.headers["X-Gitlab-Token"] + @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie + end + # Trae los cambios a partir de un post de Webhooks: # (Gitlab, Github, Guitea, etc) def pull - site = Site.find_by_name!(params[:site_id]) - usuarie = GitAuthor.new email: "webhook@#{Site.domain}", name: 'Webhook' message = I18n.with_locale(site.default_locale) do I18n.t('webhooks.pull.message') end - GitPullJob.perform_later(site, usuarie, message) - + end + + def platforms_answer head :ok end end diff --git a/app/models/rol.rb b/app/models/rol.rb index f17bf418..37332400 100644 --- a/app/models/rol.rb +++ b/app/models/rol.rb @@ -14,7 +14,6 @@ class Rol < ApplicationRecord validates_inclusion_of :rol, in: ROLES - encrypts :token before_save :add_token_if_missing! def invitade? From 63fd91ee48f3a9cab4417f6e9bd21be6604440f0 Mon Sep 17 00:00:00 2001 From: jazzari Date: Thu, 10 Aug 2023 16:13:13 -0300 Subject: [PATCH 11/29] feat: add token to existing records #13903 --- db/migrate/20230731195050_add_token_to_roles.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/migrate/20230731195050_add_token_to_roles.rb b/db/migrate/20230731195050_add_token_to_roles.rb index 635e065c..620c9fef 100644 --- a/db/migrate/20230731195050_add_token_to_roles.rb +++ b/db/migrate/20230731195050_add_token_to_roles.rb @@ -1,5 +1,6 @@ class AddTokenToRoles < ActiveRecord::Migration[6.1] def change add_column :roles, :token, :text + Rol.find_each { |m| m.update_column( :token, SecureRandom.hex(64) ) } end end From 23732bbfe0ed8c4920bd7188b700f63ed5612b51 Mon Sep 17 00:00:00 2001 
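Review bot: When the request carries no `X-Gitlab-Token` header, `token` is `nil` in `usuarie` and `find_by!(temporal: false, rol: 'usuarie', token: nil)` becomes a `token IS NULL` lookup, which would match any role that has no token yet; the lookup should be refused up front with `raise ActiveRecord::RecordNotFound if token.blank?`. The `rescue_from` handler `platforms_answer` answers `head :ok`, so a rejected webhook is indistinguishable from an accepted one for the caller and in the access log; `head :forbidden` would make failures visible. The token is also compared by the database rather than with a constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare`.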
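Review bot: Removing `encrypts :token` from `Rol` means the webhook secret is stored in clear text in `roles.token`, so anyone who can read the table or a database backup can authenticate as that role's webhook. For the shared-token check in the controller a stored digest of the token would be enough; if the same secret is later used to verify HMAC signatures it has to stay recoverable, and then encryption at rest with the comparison done in Ruby is the alternative to `find_by!(token: ...)`. If plain storage is a deliberate trade-off, say so in a comment above `before_save :add_token_if_missing!`, for example `# token is stored unencrypted so it can be looked up by equality`.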
From: jazzari Date: Mon, 14 Aug 2023 12:50:18 -0300 Subject: [PATCH 12/29] feat: add method to validate token from diff platforms in webhooks controller #13903 --- app/controllers/api/v1/webhooks_controller.rb | 29 +++++++++++++++++-- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 1933f24e..091d467e 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -10,10 +10,32 @@ module Api @site ||= Site.find_by_name!(params[:site_id]) end - # valida la plataforma del webhook + # valida el token que envía la plataforma del webhook + def token + @token ||= + begin + # Gitlab + if request.headers['X-Gitlab-Token'] + request.headers["X-Gitlab-Token"] + # Github + elsif request.headers['X-HUB-SIGNATURE-256'] + signature(request.env['HTTP_X_HUB_SIGNATURE_256']) + # Guitea + else + signature(request.env['HTTP_X_GITEA_SIGNATURE']) + end + end + end + + def token_from_signature(signature) + payload = request.body.read + site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| + new_signature = hash_mac(OpenSSL::Digest.new('sha256'), token, payload) + @token ||= Rack::Utils.secure_compare(new_signature, signature) + end + end + def usuarie - # Gitlab - token = request.headers["X-Gitlab-Token"] @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie end @@ -23,6 +45,7 @@ module Api message = I18n.with_locale(site.default_locale) do I18n.t('webhooks.pull.message') end + GitPullJob.perform_later(site, usuarie, message) end From f2236bb305573e7a471e1b3a94ab50d486bc0d63 Mon Sep 17 00:00:00 2001 From: jazzari Date: Mon, 14 Aug 2023 16:49:24 -0300 Subject: [PATCH 13/29] feat: move methods to private #13903 --- app/controllers/api/v1/webhooks_controller.rb | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) 
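Review bot: The GitHub and Gitea branches of `token` call `signature(...)`, but the helper added below is named `token_from_signature`, and that helper in turn calls `hash_mac`, which is not defined in this hunk; as written both branches would raise `NoMethodError` instead of rejecting the request. The HMAC can be computed with `OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)`. Inside the `find` block, `@token ||= Rack::Utils.secure_compare(new_signature, signature)` assigns the boolean to `@token` as a side effect, which is confusing next to the memoization in `token`; the block should simply return the comparison. The final `else` treats every request without a GitLab or GitHub header as Gitea, so a request with no credential at all reaches the comparison with a `nil` signature; an explicit check for the Gitea header and a rejecting `else` would close that.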
diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 091d467e..b356d20a 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -6,6 +6,19 @@ module Api class WebhooksController < BaseController rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer + # Trae los cambios a partir de un post de Webhooks: + # (Gitlab, Github, Guitea, etc) + def pull + message = I18n.with_locale(site.default_locale) do + I18n.t('webhooks.pull.message') + end + + GitPullJob.perform_later(site, usuarie, message) + platforms_answer + end + + private + def site @site ||= Site.find_by_name!(params[:site_id]) end @@ -37,17 +50,7 @@ module Api def usuarie @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie - end - - # Trae los cambios a partir de un post de Webhooks: - # (Gitlab, Github, Guitea, etc) - def pull - message = I18n.with_locale(site.default_locale) do - I18n.t('webhooks.pull.message') - end - - GitPullJob.perform_later(site, usuarie, message) - end + end def platforms_answer head :ok From a098e1baa7d2e7e96b18bc16be7a21cc413c8f38 Mon Sep 17 00:00:00 2001 From: jazzari Date: Tue, 15 Aug 2023 16:14:34 -0300 Subject: [PATCH 14/29] fix: change migration methods to add token to roles #13903 --- db/migrate/20230731195050_add_token_to_roles.rb | 12 +++++++++--- db/migrate/20230731202003_change_token_name.rb | 6 ------ 2 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 db/migrate/20230731202003_change_token_name.rb diff --git a/db/migrate/20230731195050_add_token_to_roles.rb b/db/migrate/20230731195050_add_token_to_roles.rb index 620c9fef..c38b0526 100644 --- a/db/migrate/20230731195050_add_token_to_roles.rb +++ b/db/migrate/20230731195050_add_token_to_roles.rb 
@@ -1,6 +1,12 @@ class AddTokenToRoles < ActiveRecord::Migration[6.1] - def change - add_column :roles, :token, :text - Rol.find_each { |m| m.update_column( :token, SecureRandom.hex(64) ) } + def up + add_column :roles, :token, :string + Rol.find_each do |m| + m.update_column( :token, SecureRandom.hex(64) ) + end + end + + def down + remove_column :roles, :token end end diff --git a/db/migrate/20230731202003_change_token_name.rb b/db/migrate/20230731202003_change_token_name.rb deleted file mode 100644 index c3fce3c0..00000000 --- a/db/migrate/20230731202003_change_token_name.rb +++ /dev/null @@ -1,6 +0,0 @@ -class ChangeTokenName < ActiveRecord::Migration[6.1] - def change - rename_column :roles, :token, :token_cyphertext - Rol.find_each { |m| m.update_column( :token_cyphertext, SecureRandom.hex(64) ) } - end -end From c5406acb26221e591804d481ac6547072dd38952 Mon Sep 17 00:00:00 2001 From: jazzari Date: Tue, 15 Aug 2023 16:59:16 -0300 Subject: [PATCH 15/29] fix: add documentation and fix typos #13903 --- app/controllers/api/v1/webhooks_controller.rb | 101 ++++++++++-------- config/locales/es.yml | 2 +- 2 files changed, 56 insertions(+), 47 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index b356d20a..20cc0ddc 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
@@ -1,60 +1,69 @@ # frozen_string_literal: true module Api - module V1 - # Recibe webhooks y lanza un PullJob - class WebhooksController < BaseController - rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer + module V1 + # Recibe webhooks y lanza un PullJob + class WebhooksController < BaseController + # responde con forbidden si falla la validación del token + rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer - # Trae los cambios a partir de un post de Webhooks: - # (Gitlab, Github, Guitea, etc) - def pull - message = I18n.with_locale(site.default_locale) do - I18n.t('webhooks.pull.message') - end - - GitPullJob.perform_later(site, usuarie, message) - platforms_answer + # Trae los cambios a partir de un post de Webhooks: + # (Gitlab, Github, Gitea, etc) + def pull + message = I18n.with_locale(site.default_locale) do + I18n.t('webhooks.pull.message') end - private + GitPullJob.perform_later(site, usuarie, message) + head :ok + end - def site - @site ||= Site.find_by_name!(params[:site_id]) - end + private - # valida el token que envía la plataforma del webhook - def token - @token ||= - begin - # Gitlab - if request.headers['X-Gitlab-Token'] - request.headers["X-Gitlab-Token"] - # Github - elsif request.headers['X-HUB-SIGNATURE-256'] - signature(request.env['HTTP_X_HUB_SIGNATURE_256']) - # Guitea - else - signature(request.env['HTTP_X_GITEA_SIGNATURE']) - end - end - end + # encuentra el sitio a partir de la url + def site + @site ||= Site.find_by_name!(params[:site_id]) + end - def token_from_signature(signature) - payload = request.body.read - site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| - new_signature = hash_mac(OpenSSL::Digest.new('sha256'), token, payload) - @token ||= Rack::Utils.secure_compare(new_signature, signature) - end - end + # valida el token que envía la plataforma del webhook + # + # @return [String] + def token + @token ||= + begin + # Gitlab + if request.headers['X-Gitlab-Token'] 
+ request.headers['X-Gitlab-Token'] + # Github + elsif request.headers['X-HUB-SIGNATURE-256'] + request.env['HTTP_X_HUB_SIGNATURE_256'] + # Gitea + else + request.env['HTTP_X_GITEA_SIGNATURE'] + end + end + end - def usuarie - @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie - end - - def platforms_answer - head :ok + # valida token a partir de firma de webhook + # + # @return [String] + def token_from_signature(signature) + payload = request.body.read + site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| + new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) + ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end end + + # encuentra le usuarie + def usuarie + @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie + end + + # respuesta de error a plataformas + def platforms_answer + head :forbidden + end end + end end \ No newline at end of file diff --git a/config/locales/es.yml b/config/locales/es.yml index b03a222f..7a83483f 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -476,7 +476,7 @@ es: message: 'Actualización del esqueleto' webhooks_controller: pull: - message: 'Pull de webhooks' + message: 'Traer los cambios a partir de un evento remoto' footer: powered_by: 'es desarrollada por' i18n: From aeb2105dc7273cf603ab8e86f7bc90780f96093f Mon Sep 17 00:00:00 2001 From: jazzari Date: Tue, 15 Aug 2023 19:25:06 -0300 Subject: [PATCH 16/29] fix: add rescue in token_from_signature method #13903 --- app/controllers/api/v1/webhooks_controller.rb | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 20cc0ddc..0ecca9d7 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
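Review bot: For GitHub and Gitea, `token` now returns the raw signature header (`request.env['HTTP_X_HUB_SIGNATURE_256']` or `request.env['HTTP_X_GITEA_SIGNATURE']`) and `usuarie` looks that value up as a stored token, so `token_from_signature` is never called and signed webhooks can only ever be rejected. The branches should pass the header through the helper, e.g. `token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'])`. `token_from_signature` is documented as `@return [String]` but `find` returns `nil` when nothing matches, and it reads the payload with `request.body.read`, which yields an empty string if something earlier consumed the stream; `request.raw_post` avoids that. The `else` branch still treats a request with no signature header as Gitea.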
@@ -9,6 +9,8 @@ module Api # Trae los cambios a partir de un post de Webhooks: # (Gitlab, Github, Gitea, etc) + # + # @return [nil] def pull message = I18n.with_locale(site.default_locale) do I18n.t('webhooks.pull.message') @@ -36,22 +38,27 @@ module Api request.headers['X-Gitlab-Token'] # Github elsif request.headers['X-HUB-SIGNATURE-256'] - request.env['HTTP_X_HUB_SIGNATURE_256'] + token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256']) # Gitea else - request.env['HTTP_X_GITEA_SIGNATURE'] + token_from_signatureq(request.env['HTTP_X_GITEA_SIGNATURE']) end end end # valida token a partir de firma de webhook # - # @return [String] + # @return [String, Boolean] def token_from_signature(signature) payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) + end.tap do |t| + raise ArgumentError, 'token no encontrado' if t.nil? + rescue ArgumentError => e + ExceptionNotifier.notify_exception(e, data: { params: params.to_h }) + raise ActiveRecord::RecordNotFound end end From 5ac628b38a0032a26e0f9d29f1c4e1266069360b Mon Sep 17 00:00:00 2001 From: jazzari Date: Wed, 16 Aug 2023 12:58:14 -0300 Subject: [PATCH 17/29] fix: fix typo and change response to platforms #13903 --- app/controllers/api/v1/webhooks_controller.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 0ecca9d7..40f2f06d 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
@@ -40,8 +40,10 @@ module Api elsif request.headers['X-HUB-SIGNATURE-256'] token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256']) # Gitea + elsif + token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE']) else - token_from_signatureq(request.env['HTTP_X_GITEA_SIGNATURE']) + raise ActiveRecord::RecordNotFound end end end @@ -55,10 +57,7 @@ module Api new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end.tap do |t| - raise ArgumentError, 'token no encontrado' if t.nil? - rescue ArgumentError => e - ExceptionNotifier.notify_exception(e, data: { params: params.to_h }) - raise ActiveRecord::RecordNotFound + raise ActiveRecord::RecordNotFound if t.nil? end end @@ -70,6 +69,9 @@ module Api # respuesta de error a plataformas def platforms_answer head :forbidden + raise ArgumentError, 'token no encontrado' + rescue ArgumentError => e + ExceptionNotifier.notify_exception(e, data: { params: params.to_h }) end end end From 35dca9d7565f40f2a037b095ea8005cd2a953232 Mon Sep 17 00:00:00 2001 From: jazzari Date: Wed, 16 Aug 2023 13:39:29 -0300 Subject: [PATCH 18/29] fix: fix exception in platforms_answer method #13903 --- app/controllers/api/v1/webhooks_controller.rb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 40f2f06d..13a227ce 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -57,7 +57,7 @@ module Api new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end.tap do |t| - raise ActiveRecord::RecordNotFound if t.nil? + raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil? end end 
@@ -67,12 +67,9 @@ module Api end # respuesta de error a plataformas - def platforms_answer + def platforms_answer(exception) head :forbidden - raise ArgumentError, 'token no encontrado' - rescue ArgumentError => e - ExceptionNotifier.notify_exception(e, data: { params: params.to_h }) - end + ExceptionNotifier.notify_exception(exception, data: { params: params.to_h }) end end end \ No newline at end of file From cefd053d1d7f70233f07cd047fd1dc5d321dd8b5 Mon Sep 17 00:00:00 2001 From: jazzari Date: Wed, 16 Aug 2023 14:57:01 -0300 Subject: [PATCH 19/29] fix: add condition in elsif in token method #13903 --- app/controllers/api/v1/webhooks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 13a227ce..3af9abee 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -40,7 +40,7 @@ module Api elsif request.headers['X-HUB-SIGNATURE-256'] token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256']) # Gitea - elsif + elsif request.headers['HTTP_X_GITEA_SIGNATURE'] token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE']) else raise ActiveRecord::RecordNotFound From 114fe4b2d5dce83874735cf1de97af6e89b925d5 Mon Sep 17 00:00:00 2001 From: jazzari Date: Wed, 16 Aug 2023 15:43:57 -0300 Subject: [PATCH 20/29] fix: fix in es.yml & en.yml and missing end #13903 --- app/controllers/api/v1/webhooks_controller.rb | 11 ++++++----- config/locales/en.yml | 2 +- config/locales/es.yml | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 3af9abee..8ef943be 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
@@ -38,12 +38,12 @@ module Api request.headers['X-Gitlab-Token'] # Github elsif request.headers['X-HUB-SIGNATURE-256'] - token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256']) + token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'], 'sha256=') # Gitea elsif request.headers['HTTP_X_GITEA_SIGNATURE'] token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE']) else - raise ActiveRecord::RecordNotFound + raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end end end @@ -51,10 +51,10 @@ module Api # valida token a partir de firma de webhook # # @return [String, Boolean] - def token_from_signature(signature) + def token_from_signature(signature. prepend = '') payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| - new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) + new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end.tap do |t| raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil? @@ -69,7 +69,8 @@ module Api # respuesta de error a plataformas def platforms_answer(exception) head :forbidden - ExceptionNotifier.notify_exception(exception, data: { params: params.to_h }) + ExceptionNotifier.notify_exception(exception, env: request.env) + end end end end \ No newline at end of file diff --git a/config/locales/en.yml b/config/locales/en.yml index 8ae8cce5..c9a723bc 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
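Review bot: The new signature `def token_from_signature(signature. prepend = '')` has a `.` where the parameter separator belongs, which is a syntax error; it should read `def token_from_signature(signature, prepend = '')`. The doc comment above it is also stale, since the method now takes two arguments and either returns the matching token or raises `ActiveRecord::RecordNotFound`. I would add `# @param signature [String] signature header sent by the platform` and `# @param prepend [String] prefix the platform puts before the hex digest, e.g. 'sha256='`, and change the return tag to `# @return [String]`. `signature` is still handed to `secure_compare` unchanged, so an absent header reaches it as nil.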
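Review bot: Passing `env: request.env` to `ExceptionNotifier.notify_exception` gives the notifier the full Rack environment of a rejected webhook, which includes the `X-Gitlab-Token` value and the signature headers that `token` reads. Depending on the configured notifier, those values may be copied into the report, where they outlive the request and are visible to anyone who can read the reports. I would send only non-secret context, for example `data: { site: params[:site_id], user_agent: request.user_agent }`. The same concern applies to `data: { headers: request.headers.to_h }`, added in PATCH 23/29 and kept in PATCH 29/29.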
@@ -466,7 +466,7 @@ en: success: 'Site upgrade has been completed. Your next build will run this upgrade :)' error: "There was an error when trying to upgrade your site. This could be due to conflicts that couldn't be solved automatically. A report of the issue has already been sent to our admins. Sorry for the inconvenience! :(" message: 'Skeleton upgrade' - webhooks_controller: + webhooks: pull: message: 'Webhooks pull' footer: diff --git a/config/locales/es.yml b/config/locales/es.yml index 7a83483f..857217ec 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -474,7 +474,7 @@ es: success: 'Ya se incorporaron los cambios en el sitio, se aplicarán en la próxima compilación que hagas :)' error: 'Hubo un error al incorporar los cambios en el sitio. Esto puede deberse a conflictos entre cambios que no se pueden resolver automáticamente. Hemos enviado un reporte del problema a les administradores de Sutty para que estén al tanto de la situación. ¡Lo sentimos! :(' message: 'Actualización del esqueleto' - webhooks_controller: + webhooks: pull: message: 'Traer los cambios a partir de un evento remoto' footer: From 5ef601139fab2f99952dcda124a6a06bd10dc054 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:21:48 -0300 Subject: [PATCH 21/29] fix: eliminar espacio en blanco --- app/controllers/api/v1/webhooks_controller.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 8ef943be..fb4a710c 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -11,7 +11,7 @@ module Api # (Gitlab, Github, Gitea, etc) # # @return [nil] - def pull + def pull message = I18n.with_locale(site.default_locale) do I18n.t('webhooks.pull.message') end 
@@ -20,17 +20,17 @@ module Api head :ok end - private + private # encuentra el sitio a partir de la url - def site + def site @site ||= Site.find_by_name!(params[:site_id]) end # valida el token que envía la plataforma del webhook # # @return [String] - def token + def token @token ||= begin # Gitlab @@ -45,14 +45,14 @@ module Api else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end - end + end end # valida token a partir de firma de webhook # # @return [String, Boolean] def token_from_signature(signature. prepend = '') - payload = request.body.read + payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) @@ -61,10 +61,10 @@ module Api end end - # encuentra le usuarie + # encuentra le usuarie def usuarie @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie - end + end # respuesta de error a plataformas def platforms_answer(exception) @@ -73,4 +73,4 @@ module Api end end end -end \ No newline at end of file +end From 690efe329c571c0d8c601645735d186b7890a572 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:22:57 -0300 Subject: [PATCH 22/29] fix: llamar a los headers consistentemente --- app/controllers/api/v1/webhooks_controller.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index fb4a710c..1d1258fd 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
@@ -37,11 +37,11 @@ module Api if request.headers['X-Gitlab-Token'] request.headers['X-Gitlab-Token'] # Github - elsif request.headers['X-HUB-SIGNATURE-256'] - token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'], 'sha256=') + elsif request.headers['X-Hub-Signature-256'] + token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') # Gitea - elsif request.headers['HTTP_X_GITEA_SIGNATURE'] - token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE']) + elsif request.headers['X_Gitea_Signature'] + token_from_signature(request.headers['X_Gitea_Signature']) else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end From a99e03ce15d13122f36e2aab976fd5229156300e Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:23:39 -0300 Subject: [PATCH 23/29] feat: enviar los headers en el reporte --- app/controllers/api/v1/webhooks_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 1d1258fd..6be6c2dc 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -68,8 +68,9 @@ module Api # respuesta de error a plataformas def platforms_answer(exception) + ExceptionNotifier.notify_exception(exception, env: request.env, data: { headers: request.headers.to_h }) + head :forbidden - ExceptionNotifier.notify_exception(exception, env: request.env) end end end From 42e6a0b6eb5432773d2337ed33ac154defd2c042 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:24:33 -0300 Subject: [PATCH 24/29] fix: typo --- app/controllers/api/v1/webhooks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 6be6c2dc..ab2fce6b 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb 
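Review bot: The GitHub branch tests `request.headers['X-Hub-Signature-256']` but then reads `request.headers['X_Hub_Signature_256']`, and the Gitea branch uses `X_Gitea_Signature` for both the test and the read. As far as I know, `ActionDispatch::Http::Headers#[]` maps a key to its `HTTP_*` env name only when the key consists of letters, digits and hyphens, so the underscore spellings are looked up literally and return nil. The GitHub branch would then pass nil as the signature, and the Gitea branch would never be taken. Use the hyphenated name in every lookup: `token_from_signature(request.headers['X-Hub-Signature-256'], 'sha256=')` and `elsif request.headers['X-Gitea-Signature']`. The `.present?` hunk of PATCH 25/29 carries the same underscore keys, and the `token` method starts and ends outside this hunk.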
@@ -51,7 +51,7 @@ module Api # valida token a partir de firma de webhook # # @return [String, Boolean] - def token_from_signature(signature. prepend = '') + def token_from_signature(signature, prepend = '') payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) From b9083c492cd3e50971bbbca9a549b81c4781efe3 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:26:39 -0300 Subject: [PATCH 25/29] fix: presencia --- app/controllers/api/v1/webhooks_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index ab2fce6b..23bfae22 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -34,13 +34,13 @@ module Api @token ||= begin # Gitlab - if request.headers['X-Gitlab-Token'] + if request.headers['X-Gitlab-Token'].present? request.headers['X-Gitlab-Token'] # Github - elsif request.headers['X-Hub-Signature-256'] + elsif request.headers['X-Hub-Signature-256'].present? token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') # Gitea - elsif request.headers['X_Gitea_Signature'] + elsif request.headers['X_Gitea_Signature'].present? token_from_signature(request.headers['X_Gitea_Signature']) else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' From a2678c3e81f7943368edf9a51e9de80354af603f Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:35:36 -0300 Subject: [PATCH 26/29] fix: no ignorar excepciones como record not found --- config/environments/production.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 4cc1cb39..5e089ff9 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -142,7 +142,7 @@ Rails.application.configure do } config.action_mailer.default_options = { from: ENV.fetch('DEFAULT_FROM', "noreply@sutty.nl") } - config.middleware.use ExceptionNotification::Rack, gitlab: {}, ignore_exceptions: (['DeployJob::DeployAlreadyRunningException'] + ExceptionNotifier.ignored_exceptions) + config.middleware.use ExceptionNotification::Rack, gitlab: {}, ignore_exceptions: ['DeployJob::DeployAlreadyRunningException'] Rails.application.routes.default_url_options[:host] = "panel.#{ENV.fetch('SUTTY', 'sutty.nl')}" Rails.application.routes.default_url_options[:protocol] = 'https' From ef8ed271d75dd1e4bdf079c11f8bcaf450af25ac Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:46:11 -0300 Subject: [PATCH 27/29] fix: consistencia al llamar a headers --- app/controllers/api/v1/webhooks_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 23bfae22..95439cd4 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -38,10 +38,10 @@ module Api request.headers['X-Gitlab-Token'] # Github elsif request.headers['X-Hub-Signature-256'].present? - token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') + token_from_signature(request.headers['X-Hub-Signature-256'], 'sha256=') # Gitea - elsif request.headers['X_Gitea_Signature'].present? - token_from_signature(request.headers['X_Gitea_Signature']) + elsif request.headers['X-Gitea-Signature'].present? + token_from_signature(request.headers['X-Gitea-Signature']) else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end From 4a7ac981e5029ce8c23fa0c54c5ba99268dcb3ee Mon Sep 17 00:00:00 2001 
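Review bot: Dropping `ExceptionNotifier.ignored_exceptions` from `ignore_exceptions` changes reporting for the whole application in production, not only for the webhook controller. Every `ActiveRecord::RecordNotFound` that reaches the middleware, and anything else the default list covered, would presumably now produce a report, and unauthenticated requests for missing records are enough to trigger one. If the goal is only to report rejected webhooks, I would keep `ignore_exceptions: (['DeployJob::DeployAlreadyRunningException'] + ExceptionNotifier.ignored_exceptions)` and have the controller raise a webhook-specific error class that is not on the ignore list. If the wider change is intended, a comment on this line should say so, e.g. `# RecordNotFound is reported on purpose: rejected webhooks raise it`.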
From: f Date: Wed, 16 Aug 2023 17:04:34 -0300 Subject: [PATCH 28/29] fix: no fallar si la firma es nil closes #14089 --- app/controllers/api/v1/webhooks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 95439cd4..1730034e 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -55,7 +55,7 @@ module Api payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) - ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) + ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s) end.tap do |t| raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil? end From 7793c5f96d63bad20243b6eb3bb0d8bc79e92e6d Mon Sep 17 00:00:00 2001 From: f Date: Fri, 22 Sep 2023 13:03:28 -0300 Subject: [PATCH 29/29] =?UTF-8?q?fix:=20no=20enviar=20el=20env=20en=20la?= =?UTF-8?q?=20notificaci=C3=B3n?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/api/v1/webhooks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 1730034e..36e6a6d1 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -68,7 +68,7 @@ module Api # respuesta de error a plataformas def platforms_answer(exception) - ExceptionNotifier.notify_exception(exception, env: request.env, data: { headers: request.headers.to_h }) + ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h } head :forbidden end
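Review bot: The replacement line in `platforms_answer`, `ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h }`, never closes the call's parenthesis, so the controller should fail to parse as committed. It needs a trailing `)`: `ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h })`. A one-line comment above the call saying why `env:` is no longer passed would keep it from being reintroduced.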