diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 3af9abee..ab2fce6b 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -11,7 +11,7 @@ module Api # (Gitlab, Github, Gitea, etc) # # @return [nil] - def pull + def pull message = I18n.with_locale(site.default_locale) do I18n.t('webhooks.pull.message') end @@ -20,56 +20,58 @@ module Api head :ok end - private + private # encuentra el sitio a partir de la url - def site + def site @site ||= Site.find_by_name!(params[:site_id]) end # valida el token que envía la plataforma del webhook # # @return [String] - def token + def token @token ||= begin # Gitlab if request.headers['X-Gitlab-Token'] request.headers['X-Gitlab-Token'] # Github - elsif request.headers['X-HUB-SIGNATURE-256'] - token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256']) + elsif request.headers['X-Hub-Signature-256'] + token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') # Gitea - elsif request.headers['HTTP_X_GITEA_SIGNATURE'] - token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE']) + elsif request.headers['X_Gitea_Signature'] + token_from_signature(request.headers['X_Gitea_Signature']) else - raise ActiveRecord::RecordNotFound + raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end - end + end end # valida token a partir de firma de webhook # # @return [String, Boolean] - def token_from_signature(signature) - payload = request.body.read + def token_from_signature(signature, prepend = '') + payload = request.body.read site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| - new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) + new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end.tap do |t| raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil? end end - # encuentra le usuarie + # encuentra le usuarie def usuarie @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie - end + end # respuesta de error a plataformas def platforms_answer(exception) + ExceptionNotifier.notify_exception(exception, env: request.env, data: { headers: request.headers.to_h }) + head :forbidden - ExceptionNotifier.notify_exception(exception, data: { params: params.to_h }) + end end end -end \ No newline at end of file +end diff --git a/config/locales/en.yml b/config/locales/en.yml index eebaf749..3d942718 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -469,7 +469,7 @@ en: success: 'Site upgrade has been completed. Your next build will run this upgrade :)' error: "There was an error when trying to upgrade your site. This could be due to conflicts that couldn't be solved automatically. A report of the issue has already been sent to our admins. Sorry for the inconvenience! :(" message: 'Skeleton upgrade' - webhooks_controller: + webhooks: pull: message: 'Webhooks pull' footer: diff --git a/config/locales/es.yml b/config/locales/es.yml index 8bee3b98..cfefe0a8 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -477,7 +477,7 @@ es: success: 'Ya se incorporaron los cambios en el sitio, se aplicarán en la próxima compilación que hagas :)' error: 'Hubo un error al incorporar los cambios en el sitio. Esto puede deberse a conflictos entre cambios que no se pueden resolver automáticamente. Hemos enviado un reporte del problema a les administradores de Sutty para que estén al tanto de la situación. ¡Lo sentimos! :(' message: 'Actualización del esqueleto' - webhooks_controller: + webhooks: pull: message: 'Traer los cambios a partir de un evento remoto' footer: