Commit 2bf16413 authored by Guilhem Saurel's avatar Guilhem Saurel

add gh app

parent 980a97bc
Pipeline #8455 failed with stage
in 43 seconds
......@@ -3,7 +3,6 @@ from ipaddress import ip_address, ip_network
from django.conf import settings
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
from django.shortcuts import reverse
from rest_framework import permissions
......@@ -22,7 +21,8 @@ class LAASPermsMiddleware:
or if the user is authenticated,
or if the request comes from a trusted IP.
"""
allowed = (request.path.startswith('/admin/') or request.path.startswith('/accounts/')
ALLOWED_URLS = ('admin', 'accounts', 'gh')
allowed = (any(request.path.startswith(f'/{url}/') for url in ALLOWED_URLS)
or request.user and request.user.is_authenticated
or request.method in permissions.SAFE_METHODS and ip_laas(request))
......
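Review bot: Adding `'gh'` to `ALLOWED_URLS` exempts the whole `/gh/` prefix from both the login check and the trusted-IP check, so every view the new app routes becomes reachable anonymously from any address, not only the webhook that needs it. If only GitHub's deliveries must get through, I would exempt that path alone and keep the tuple at class level instead of rebuilding it on each request; `str.startswith` accepts a tuple, e.g. `ALLOWED_PREFIXES = ('/admin/', '/accounts/', '/gh/webhook')` with `request.path.startswith(ALLOWED_PREFIXES)`. Whether the authorization callback also has to be anonymous is not visible here, so that is worth deciding explicitly rather than by prefix. The mixed `or`/`and` conditions that follow would read more safely with parentheses around each `and` pair. The enclosing method starts and ends outside the hunk.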
......@@ -46,6 +46,7 @@ INSTALLED_APPS = [
'bootstrap4',
'ndh',
'rainboard',
'gh',
]
MIDDLEWARE = [
......@@ -160,6 +161,7 @@ RAINBOARD_RPKG = RAINBOARD_DATA / 'robotpkg'
PRIVATE_REGISTRY = 'gepgitlab.laas.fr:4567'
PUBLIC_REGISTRY = 'memmos.laas.fr:5000'
GITHUB_USER = 'hrp2-14'
GITHUB_WEBHOOK_KEY = os.environ['GITHUB_WEBHOOK_KEY']
AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"]
......
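Review bot: `GITHUB_WEBHOOK_KEY = os.environ['GITHUB_WEBHOOK_KEY']` fails closed when the variable is unset, which is the right default, but it accepts an empty value, and an HMAC keyed with an empty string is something any sender can compute. A guard right after the assignment covers that: `if not GITHUB_WEBHOOK_KEY: raise ImproperlyConfigured('GITHUB_WEBHOOK_KEY must not be empty')` (from `django.core.exceptions`). The hunk does not show whether `os` is imported in this file or whether CI defines the variable; the failed pipeline on this commit may be related, so both are worth checking.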
......@@ -6,5 +6,6 @@ from django.contrib import admin
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^accounts/', include('django.contrib.auth.urls')),
url(r'gh/', include('gh.urls')),
url(r'', include('rainboard.urls')),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
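Review bot: `url(r'gh/', include('gh.urls'))` has no `^` anchor, unlike the `admin/` and `accounts/` entries above it, and `url()` patterns are applied with a regex search, so this entry matches `gh/` anywhere in the path. Because it sits before the catch-all `rainboard.urls` include, a rainboard URL with a segment ending in `gh` (`.../high/...`, for instance) would be handed to the gh app instead. `url(r'^gh/', include('gh.urls'))` restricts it to the intended prefix.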
"""Module for github app."""
from django.contrib import admin
# Register your models here.
from django.apps import AppConfig
class GhConfig(AppConfig):
name = 'gh'
from django.db import models
# Create your models here.
from django.test import TestCase
# Create your tests here.
"""URLs for Github."""
from django.urls import path
from . import views
urlpatterns = [
path('user-authorization-callback', views.log),
path('webhook', views.webhook),
path('', views.log),
]
"""Views for dashboard_apps."""
import hmac
from hashlib import sha1
from ipaddress import ip_address, ip_network
import requests
from django.conf import settings
from django.http import HttpRequest
from django.http.response import HttpResponse, HttpResponseForbidden, HttpResponseServerError
from django.utils.encoding import force_bytes
from django.views.decorators.csrf import csrf_exempt
def log(request: HttpRequest, rep: str = 'ok') -> HttpResponse:
"""Just print everything out."""
print(f'{request = }')
print(f'{request.scheme = }')
print(f'{request.body = }')
print(f'{request.path = }')
print(f'{request.path_info = }')
print(f'{request.method = }')
print(f'{request.encoding = }')
print(f'{request.content_type = }')
print(f'{request.content_params = }')
print(f'{request.GET = }')
print(f'{request.POST = }')
print(f'{request.COOKIES = }')
print(f'{request.META = }')
print(f'{request.headers = }')
return HttpResponse(rep)
@csrf_exempt
def webhook(request: HttpRequest) -> HttpResponse:
"""
Process request incoming from a github webhook.
thx https://simpleisbetterthancomplex.com/tutorial/2016/10/31/how-to-handle-github-webhooks-using-django.html
"""
# validate ip source
forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
networks = requests.get('https://api.github.com/meta').json()['hooks']
if any(ip_address(forwarded_for) in ip_network(net) for net in networks):
print('from github IP')
else:
print('not from github IP')
# validate signature
signature = request.META.get('HTTP_X_HUB_SIGNATURE')
if signature is None:
print('no signature')
else:
algo, signature = signature.split('=')
if algo != 'sha1':
return HttpResponseServerError('I only speak sha1.', status=501)
mac = hmac.new(force_bytes(settings.GITHUB_WEBHOOK_KEY), msg=force_bytes(request.body), digestmod=sha1)
if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(signature)):
return HttpResponseForbidden('wrong signature.')
# process event
event = request.META.get('HTTP_X_GITHUB_EVENT', 'ping')
if event == 'ping':
return log(request, 'pong')
if event == 'push':
return log(request, 'push event detected')
return log(request, event)
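Review bot: In `webhook`, the `signature is None` branch only prints 'no signature' and falls through to the event dispatch, so an unsigned POST is handled exactly like a signed one; with `/gh/` exempted from the permission middleware in this commit, the HMAC is the only control on this endpoint and a missing header has to be rejected. The source-IP block has the same print-only shape and reads `X-Forwarded-For`, which the client controls unless a trusted proxy overwrites it; `ip_address(forwarded_for)` raises when the header is absent or holds a comma-separated list, and the `requests.get` to `api.github.com/meta` runs on every delivery with no `timeout`, so I would either enforce it on a proxy-supplied address with a cached network list or drop it. `signature.split('=')` likewise raises on a header without exactly one `=`; `partition` turns that into a clean rejection, as sketched below. `log()` prints `request.COOKIES`, `request.META`, `request.headers` and the body to stdout and is routed at `/gh/` and the authorization callback, so session cookies and callback parameters end up in the process log; the method, path and event name would be enough for debugging. GitHub also sends `X-Hub-Signature-256`, which is the better header to verify once SHA-1 support is no longer needed.

```python
def webhook(request: HttpRequest) -> HttpResponse:
    # … unchanged: docstring; source-IP block (see note) …
    # validate signature: a missing or malformed header is rejected, not printed and ignored
    header = request.META.get('HTTP_X_HUB_SIGNATURE')
    if header is None:
        return HttpResponseForbidden('missing signature.')
    algo, _, signature = header.partition('=')
    # … unchanged: sha1 check, hmac.new and hmac.compare_digest, now outside the else branch …
    # … unchanged: event dispatch …
```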