diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb
index b356d20a..20cc0ddc 100644
--- a/app/controllers/api/v1/webhooks_controller.rb
+++ b/app/controllers/api/v1/webhooks_controller.rb
@@ -1,60 +1,69 @@ # frozen_string_literal: true module Api - module V1 - # Recibe webhooks y lanza un PullJob - class WebhooksController < BaseController - rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer + module V1 + # Recibe webhooks y lanza un PullJob + class WebhooksController < BaseController + # responde con forbidden si falla la validación del token + rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer - # Trae los cambios a partir de un post de Webhooks: - # (Gitlab, Github, Guitea, etc) - def pull - message = I18n.with_locale(site.default_locale) do - I18n.t('webhooks.pull.message') - end - - GitPullJob.perform_later(site, usuarie, message) - platforms_answer + # Trae los cambios a partir de un post de Webhooks: + # (Gitlab, Github, Gitea, etc) + def pull + message = I18n.with_locale(site.default_locale) do + I18n.t('webhooks.pull.message') end - private + GitPullJob.perform_later(site, usuarie, message) + head :ok + end - def site - @site ||= Site.find_by_name!(params[:site_id]) - end + private - # valida el token que envía la plataforma del webhook - def token - @token ||= - begin - # Gitlab - if request.headers['X-Gitlab-Token'] - request.headers["X-Gitlab-Token"] - # Github - elsif request.headers['X-HUB-SIGNATURE-256'] - signature(request.env['HTTP_X_HUB_SIGNATURE_256']) - # Guitea - else - signature(request.env['HTTP_X_GITEA_SIGNATURE']) - end - end - end + # encuentra el sitio a partir de la url + def site + @site ||= Site.find_by_name!(params[:site_id]) + end - def token_from_signature(signature) - payload = request.body.read - site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| - new_signature = hash_mac(OpenSSL::Digest.new('sha256'), token, payload) - @token ||= Rack::Utils.secure_compare(new_signature, signature) - end - end + # valida el token que envía la plataforma del webhook + # + # @return [String] + def token + @token ||= + begin + # Gitlab + if request.headers['X-Gitlab-Token'] 
+ request.headers['X-Gitlab-Token'] + # Github + elsif request.headers['X-HUB-SIGNATURE-256'] + request.env['HTTP_X_HUB_SIGNATURE_256'] + # Gitea + else + request.env['HTTP_X_GITEA_SIGNATURE'] + end + end + end - def usuarie - @usuarie = site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie - end - - def platforms_answer - head :ok + # valida token a partir de firma de webhook + # + # @return [String] + def token_from_signature(signature) + payload = request.body.read + site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token| + new_signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload) + ActiveSupport::SecurityUtils.secure_compare(new_signature, signature) end end + + # encuentra le usuarie + def usuarie + @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie + end + + # respuesta de error a plataformas + def platforms_answer + head :forbidden + end end + end end \ No newline at end of file diff --git a/config/locales/es.yml b/config/locales/es.yml index b03a222f..7a83483f 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -476,7 +476,7 @@ es: message: 'Actualización del esqueleto' webhooks_controller: pull: - message: 'Pull de webhooks' + message: 'Traer los cambios a partir de un evento remoto' footer: powered_by: 'es desarrollada por' i18n:
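Review bot: `token_from_signature` is defined but never called: for GitHub and Gitea the new `token` returns the raw signature header and `usuarie` looks it up with `find_by!(token: token)`, which can never equal a stored secret, so those platforms always end in `platforms_answer`. When none of the three headers is present `token` is nil and the lookup becomes `token IS NULL`; if the `token` column is nullable for any non-temporal usuarie role such a request would be accepted with no credential at all, so a blank token should be rejected before the query (`raise ActiveRecord::RecordNotFound if token.blank?`). `token_from_signature` also hard-codes the `sha256=` prefix, which matches GitHub's `X-Hub-Signature-256` format, while Gitea's `X-Gitea-Signature` is, as far as I recall, the bare hex digest, so comparing against `signature.delete_prefix('sha256=')` covers both. `request.body.read` may yield an empty payload if parameter parsing already consumed the body; `request.raw_post` rewinds and is the usual choice. The class continues past this hunk only for its closing `end`s; the rewrite below covers `token`, `token_from_signature` and `usuarie` in full.
```ruby
      # valida el token que envía la plataforma del webhook
      #
      # @return [String, nil] the usuarie token, or nil when no known header authenticates the request
      def token
        @token ||=
          if request.headers['X-Gitlab-Token'].present?
            # Gitlab
            request.headers['X-Gitlab-Token']
          elsif request.env['HTTP_X_HUB_SIGNATURE_256'].present?
            # Github
            token_from_signature(request.env['HTTP_X_HUB_SIGNATURE_256'])
          elsif request.env['HTTP_X_GITEA_SIGNATURE'].present?
            # Gitea
            token_from_signature(request.env['HTTP_X_GITEA_SIGNATURE'])
          end
      end

      # valida token a partir de firma de webhook
      #
      # @param signature [String] signature header, with or without the sha256= prefix
      # @return [String, nil] the matching token, or nil when no token signs the payload
      def token_from_signature(signature)
        payload = request.raw_post
        hexdigest = signature.delete_prefix('sha256=')

        site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
          candidate = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
          ActiveSupport::SecurityUtils.secure_compare(candidate, hexdigest)
        end
      end

      # encuentra le usuarie
      def usuarie
        # never query with a nil token: `token: nil` becomes `token IS NULL`
        raise ActiveRecord::RecordNotFound if token.blank?

        @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
      end
```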