feat: poder reutilizar webhooks

2024-11-20 06:06:21 +00:00 · 2024-02-16 15:59:37 -03:00 · 2024-02-16 15:59:37 -03:00 · b792cb2d43
commit b792cb2d43
parent 6d0ea6fa5d
3 changed files with 75 additions and 56 deletions
--- a/app/controllers/api/v1/concerns/webhook_concern.rb
+++ b/app/controllers/api/v1/concerns/webhook_concern.rb
@ -0,0 +1,71 @@
 # frozen_string_literal: true
 module Api
  module V1
    # Helpers para webhooks
    module WebhookConcern
      extend ActiveSupport::Concern
      included do
        # Responde con forbidden si falla la validación del token
        rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer
        private
        # Valida el token que envía la plataforma en el webhook
        #
        # @return [String]
        def token
          @token ||=
            begin
              _headers = request.headers
              _token ||= _headers['X-Gitlab-Token'].presence
              _token ||= token_from_signature(_headers['X-Gitea-Signature'].presence)
              _token ||= token_from_signature(_headers['X-Hub-Signature-256'].presence, 'sha256=')
              _token
            ensure
              raise ActiveRecord::RecordNotFound, 'Proveedor no soportado' if _token.blank?
            end
        end
        # Valida token a partir de firma
        #
        # @param signature [String,nil]
        # @param prepend [String]
        # @return [String, nil]
        def token_from_signature(signature, prepend = '')
          return if signature.nil?
          payload = request.raw_post
          site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
            new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
            ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s)
          end
        end
        # Encuentra el sitio a partir de la URL
        #
        # @return [Site]
        def site
          @site ||= Site.find_by_name!(params[:site_id])
        end
        # Encuentra le usuarie
        #
        # @return [Site]
        def usuarie
          @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
        end
        # Respuesta de error a plataformas
        def platforms_answer(exception)
          ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h })
          head :forbidden
        end
      end
    end
  end
 end
--- a/app/controllers/api/v1/webhooks_controller.rb
+++ b/app/controllers/api/v1/webhooks_controller.rb
@ -4,8 +4,7 @@ module Api
  module V1
    # Recibe webhooks y lanza un PullJob
    class WebhooksController < BaseController
-      # responde con forbidden si falla la validación del token
+      include WebhookConcern
      rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer
      # Trae los cambios a partir de un post de Webhooks:
      # (Gitlab, Github, Gitea, etc)
@ -19,59 +18,6 @@ module Api
        GitPullJob.perform_later(site, usuarie, message)
        head :ok
      end
      private
      # encuentra el sitio a partir de la url
      def site
        @site ||= Site.find_by_name!(params[:site_id])
      end
      # valida el token que envía la plataforma del webhook
      #
      # @return [String]
      def token
        @token ||=
          begin
            # Gitlab
            if request.headers['X-Gitlab-Token'].present?
              request.headers['X-Gitlab-Token']
            # Github
            elsif request.headers['X-Hub-Signature-256'].present?
              token_from_signature(request.headers['X-Hub-Signature-256'], 'sha256=')
            # Gitea
            elsif request.headers['X-Gitea-Signature'].present?
              token_from_signature(request.headers['X-Gitea-Signature'])
            else
              raise ActiveRecord::RecordNotFound, 'proveedor no soportado'
            end
          end
      end
      # valida token a partir de firma de webhook
      #
      # @return [String, Boolean]
      def token_from_signature(signature, prepend = '')
        payload = request.body.read
        site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
          new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
          ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s)
        end.tap do |t|
          raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil?
        end
      end
      # encuentra le usuarie
      def usuarie
        @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
      end
      # respuesta de error a plataformas
      def platforms_answer(exception)
        ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h })
        head :forbidden
      end
    end
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -18,7 +18,9 @@ Rails.application.routes.draw do
          get  :'contact/cookie', to: 'invitades#contact_cookie'
          post :'contact/:form', to: 'contact#receive', as: :contact
-          post :'webhooks/pull', to: 'webhooks#pull'
+          namespace :webhooks do
            post :pull, to: 'webhooks#pull'
          end
        end
      end
    end