Rename token to secret

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Maxime “pep” Buquet 2024-07-10 14:18:28 +02:00
parent 1cf93d1ba8
commit 407788af5a
Signed by: pep
GPG key ID: DEDA74AEECA9D0F2
3 changed files with 17 additions and 17 deletions


@ -24,7 +24,7 @@ use hmac::digest::InvalidLength as HmacInvalidLength;
#[derive(Debug)] #[derive(Debug)]
pub(crate) enum Error { pub(crate) enum Error {
MethodMismatch, MethodMismatch,
InvalidToken, InvalidSecret,
InvalidContentType, InvalidContentType,
InvalidSignature, InvalidSignature,
InvalidRequest, InvalidRequest,
@ -44,7 +44,7 @@ impl std::fmt::Display for Error {
fn fmt(&self, fmt: &mut std::fmt::Formatter) -> std::fmt::Result { fn fmt(&self, fmt: &mut std::fmt::Formatter) -> std::fmt::Result {
match self { match self {
Error::MethodMismatch => write!(fmt, "the method is invalid"), Error::MethodMismatch => write!(fmt, "the method is invalid"),
Error::InvalidToken => write!(fmt, "the token is invalid"), Error::InvalidSecret => write!(fmt, "the secret is invalid"),
Error::InvalidContentType => write!(fmt, "the content-type is invalid"), Error::InvalidContentType => write!(fmt, "the content-type is invalid"),
Error::InvalidSignature => write!(fmt, "the signature is invalid"), Error::InvalidSignature => write!(fmt, "the signature is invalid"),
Error::InvalidRequest => write!(fmt, "the request is invalid"), Error::InvalidRequest => write!(fmt, "the request is invalid"),


@ -56,9 +56,9 @@ struct Config {
#[serde(default = "default_nickname")] #[serde(default = "default_nickname")]
nickname: String, nickname: String,
/// Token to match the one provided by the Webhook service /// Secret that matches the one provided to the Webhook service
#[serde(rename = "webhook-token")] #[serde(rename = "secret")]
webhook_token: String, secret: String,
/// HTTP Webhook listening address and port, e.g., 127.0.0.1:1234 or [::1]:1234 /// HTTP Webhook listening address and port, e.g., 127.0.0.1:1234 or [::1]:1234
#[serde(default = "default_addr")] #[serde(default = "default_addr")]
@ -140,8 +140,8 @@ async fn main() -> Result<!, Error> {
); );
let tcp_bind = TcpListener::bind(config.addr).await?; let tcp_bind = TcpListener::bind(config.addr).await?;
let token: &'static String = let secret: &'static String =
unsafe { core::mem::transmute::<&String, &'static String>(&config.webhook_token) }; unsafe { core::mem::transmute::<&String, &'static String>(&config.secret) };
let value_tx = Arc::new(Mutex::new(value_tx)); let value_tx = Arc::new(Mutex::new(value_tx));
loop { loop {
@ -158,7 +158,7 @@ async fn main() -> Result<!, Error> {
.serve_connection(io, service_fn(|request| { .serve_connection(io, service_fn(|request| {
let value_tx = value_tx.clone(); let value_tx = value_tx.clone();
async move { async move {
hooks(request, token, value_tx).await hooks(request, secret, value_tx).await
} }
})) }))
.await .await
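Review bot: The `unsafe { core::mem::transmute::<&String, &'static String>(&config.secret) }` line in the `main` hunk has no `// SAFETY:` comment, and nothing visible here shows that `config` outlives every connection task that is handed `secret`. If `main` can return through a `?` while such a task is still running, the reference would dangle; the rest of the loop body is outside the hunk, so this is inferred rather than shown. A safe equivalent is `let secret: &'static str = Box::leak(config.secret.clone().into_boxed_str());`, which the call `hooks(request, secret, value_tx)` accepts unchanged because `hooks` takes `secret: &str`. Separately, `#[serde(rename = "secret")]` replaces the old `webhook-token` key, so existing configuration files will presumably stop loading unless `#[serde(alias = "webhook-token")]` is added alongside it.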


@ -41,7 +41,7 @@ fn error_res<E: std::fmt::Debug>(e: E) -> Result<Response<Full<Bytes>>, Infallib
Ok(res) Ok(res)
} }
async fn hooks_inner(req: Request<Incoming>, token: &str) -> Result<Hook, Error> { async fn hooks_inner(req: Request<Incoming>, secret: &str) -> Result<Hook, Error> {
match req.method() { match req.method() {
&Method::POST => (), &Method::POST => (),
_ => return Err(Error::MethodMismatch), _ => return Err(Error::MethodMismatch),
@ -57,16 +57,16 @@ async fn hooks_inner(req: Request<Incoming>, token: &str) -> Result<Hook, Error>
} }
if let Some(val) = headers.get("X-Gitlab-Token") if let Some(val) = headers.get("X-Gitlab-Token")
&& token != val && secret != val
{ {
return Err(Error::InvalidToken); return Err(Error::InvalidSecret);
} }
// Get payload and generate hmac signature // Get payload and generate hmac signature
let mut payload: Vec<u8> = vec![]; let mut payload: Vec<u8> = vec![];
let whole_body = req.collect().await?.aggregate(); let whole_body = req.collect().await?.aggregate();
whole_body.reader().read_to_end(&mut payload)?; whole_body.reader().read_to_end(&mut payload)?;
let mut mac = HmacSha256::new_from_slice(token.as_bytes())?; let mut mac = HmacSha256::new_from_slice(secret.as_bytes())?;
mac.update(&payload); mac.update(&payload);
let result = mac.finalize().into_bytes(); let result = mac.finalize().into_bytes();
trace!("Payload calculated signature: {:?}", hex::encode(result)); trace!("Payload calculated signature: {:?}", hex::encode(result));
@ -82,10 +82,10 @@ async fn hooks_inner(req: Request<Incoming>, token: &str) -> Result<Hook, Error>
let hook: ForgejoHook = serde_json::from_slice(&payload[..])?; let hook: ForgejoHook = serde_json::from_slice(&payload[..])?;
return Ok(Hook::Forgejo(hook)); return Ok(Hook::Forgejo(hook));
} else if let Some(val) = headers.get("X-Gitlab-Token") } else if let Some(val) = headers.get("X-Gitlab-Token")
&& token != val && secret != val
{ {
if token != val { if secret != val {
return Err(Error::InvalidToken); return Err(Error::InvalidSecret);
} }
let hook: GitlabHook = serde_json::from_slice(&payload[..])?; let hook: GitlabHook = serde_json::from_slice(&payload[..])?;
@ -98,10 +98,10 @@ async fn hooks_inner(req: Request<Incoming>, token: &str) -> Result<Hook, Error>
pub async fn hooks( pub async fn hooks(
req: Request<Incoming>, req: Request<Incoming>,
token: &str, secret: &str,
value_tx: Arc<Mutex<UnboundedSender<Hook>>>, value_tx: Arc<Mutex<UnboundedSender<Hook>>>,
) -> Result<Response<Full<Bytes>>, Infallible> { ) -> Result<Response<Full<Bytes>>, Infallible> {
match hooks_inner(req, token).await { match hooks_inner(req, secret).await {
Ok(wh) => { Ok(wh) => {
debug!("Passed: {:?}", wh); debug!("Passed: {:?}", wh);