Sutty/panel
5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-26 03:36:22 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'issue-13903' of https://0xacab.org/sutty/sutty into 17.3.alpine.panel.sutty.nl

Browse source
This commit is contained in:
Sutty 2023-08-16 19:24:59 +00:00
commit 67ef92feb4
3 changed files with 21 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
app/controllers/api/v1/webhooks_controller.rb
View file

@ -11,7 +11,7 @@ module Api
# (Gitlab, Github, Gitea, etc)
#
# @return [nil]
def pull
def pull
message = I18n.with_locale(site.default_locale) do
I18n.t('webhooks.pull.message')
end
@ -20,56 +20,58 @@ module Api
head :ok
end
private
private
# encuentra el sitio a partir de la url
def site
def site
@site ||= Site.find_by_name!(params[:site_id])
end
# valida el token que envía la plataforma del webhook
#
# @return [String]
def token
def token
@token ||=
begin
# Gitlab
if request.headers['X-Gitlab-Token']
request.headers['X-Gitlab-Token']
# Github
elsif request.headers['X-HUB-SIGNATURE-256']
token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'])
elsif request.headers['X-Hub-Signature-256']
token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=')
# Gitea
elsif request.headers['HTTP_X_GITEA_SIGNATURE']
token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE'])
elsif request.headers['X_Gitea_Signature']
token_from_signature(request.headers['X_Gitea_Signature'])
else
raise ActiveRecord::RecordNotFound
raise ActiveRecord::RecordNotFound, 'proveedor no soportado'
end
end
end
end
# valida token a partir de firma de webhook
#
# @return [String, Boolean]
def token_from_signature(signature)
payload = request.body.read
def token_from_signature(signature, prepend = '')
payload = request.body.read
site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
ActiveSupport::SecurityUtils.secure_compare(new_signature, signature)
end.tap do |t|
raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil?
end
end
# encuentra le usuarie
# encuentra le usuarie
def usuarie
@usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
end
end
# respuesta de error a plataformas
def platforms_answer(exception)
ExceptionNotifier.notify_exception(exception, env: request.env, data: { headers: request.headers.to_h })
head :forbidden
ExceptionNotifier.notify_exception(exception, data: { params: params.to_h })
end
end
end
end
end

2
config/locales/en.yml
View file

@ -469,7 +469,7 @@ en:
success: 'Site upgrade has been completed. Your next build will run this upgrade :)'
error: "There was an error when trying to upgrade your site. This could be due to conflicts that couldn't be solved automatically. A report of the issue has already been sent to our admins. Sorry for the inconvenience! :("
message: 'Skeleton upgrade'
webhooks_controller:
webhooks:
pull:
message: 'Webhooks pull'
footer:

2
config/locales/es.yml
View file

@ -477,7 +477,7 @@ es:
success: 'Ya se incorporaron los cambios en el sitio, se aplicarán en la próxima compilación que hagas :)'
error: 'Hubo un error al incorporar los cambios en el sitio. Esto puede deberse a conflictos entre cambios que no se pueden resolver automáticamente. Hemos enviado un reporte del problema a les administradores de Sutty para que estén al tanto de la situación. ¡Lo sentimos! :('
message: 'Actualización del esqueleto'
webhooks_controller:
webhooks:
pull:
message: 'Traer los cambios a partir de un evento remoto'
footer: