Commit 2bf16413 authored by Guilhem Saurel's avatar Guilhem Saurel

add gh app

parent 980a97bc
Pipeline #8455 failed with stage
in 43 seconds
...@@ -3,7 +3,6 @@ from ipaddress import ip_address, ip_network ...@@ -3,7 +3,6 @@ from ipaddress import ip_address, ip_network
from django.conf import settings from django.conf import settings
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
from django.shortcuts import reverse from django.shortcuts import reverse
from rest_framework import permissions from rest_framework import permissions
...@@ -22,7 +21,8 @@ class LAASPermsMiddleware: ...@@ -22,7 +21,8 @@ class LAASPermsMiddleware:
or if the user is authenticated, or if the user is authenticated,
or if the request comes from a trusted IP. or if the request comes from a trusted IP.
""" """
allowed = (request.path.startswith('/admin/') or request.path.startswith('/accounts/') ALLOWED_URLS = ('admin', 'accounts', 'gh')
allowed = (any(request.path.startswith(f'/{url}/') for url in ALLOWED_URLS)
or request.user and request.user.is_authenticated or request.user and request.user.is_authenticated
or request.method in permissions.SAFE_METHODS and ip_laas(request)) or request.method in permissions.SAFE_METHODS and ip_laas(request))
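Review bot: Adding `'gh'` to `ALLOWED_URLS` exempts every path under `/gh/` from both the authentication test and the trusted-IP test, for every HTTP method, although the routes added in this commit suggest that only the webhook (and possibly the authorization callback) must be reachable by an unauthenticated caller. The catch-all route under that prefix, which dumps the whole request, becomes anonymously reachable as a side effect. Matching the endpoint exactly, e.g. `or request.path == '/gh/webhook'`, and keeping the prefix tuple for `admin` and `accounts` would keep the exemption as narrow as before. `ALLOWED_URLS` is a constant and could live at module level rather than being rebuilt on each request. The enclosing method starts and ends outside this hunk.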
......
...@@ -46,6 +46,7 @@ INSTALLED_APPS = [ ...@@ -46,6 +46,7 @@ INSTALLED_APPS = [
'bootstrap4', 'bootstrap4',
'ndh', 'ndh',
'rainboard', 'rainboard',
'gh',
] ]
MIDDLEWARE = [ MIDDLEWARE = [
...@@ -160,6 +161,7 @@ RAINBOARD_RPKG = RAINBOARD_DATA / 'robotpkg' ...@@ -160,6 +161,7 @@ RAINBOARD_RPKG = RAINBOARD_DATA / 'robotpkg'
PRIVATE_REGISTRY = 'gepgitlab.laas.fr:4567' PRIVATE_REGISTRY = 'gepgitlab.laas.fr:4567'
PUBLIC_REGISTRY = 'memmos.laas.fr:5000' PUBLIC_REGISTRY = 'memmos.laas.fr:5000'
GITHUB_USER = 'hrp2-14' GITHUB_USER = 'hrp2-14'
GITHUB_WEBHOOK_KEY = os.environ['GITHUB_WEBHOOK_KEY']
AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"] AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"]
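Review bot: `os.environ['GITHUB_WEBHOOK_KEY']` fails closed when the variable is unset, which is the right behaviour for a secret, but it accepts an empty string, and an HMAC keyed with an empty secret can be produced by any sender. A guard right after the assignment would close that gap: `if not GITHUB_WEBHOOK_KEY: raise ImproperlyConfigured('GITHUB_WEBHOOK_KEY is empty')`. Because the lookup runs at settings import, every environment that loads these settings (CI included) now needs the variable defined; it may be worth checking whether that is related to the failed pipeline.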
......
...@@ -6,5 +6,6 @@ from django.contrib import admin ...@@ -6,5 +6,6 @@ from django.contrib import admin
urlpatterns = [ urlpatterns = [
url(r'^admin/', admin.site.urls), url(r'^admin/', admin.site.urls),
url(r'^accounts/', include('django.contrib.auth.urls')), url(r'^accounts/', include('django.contrib.auth.urls')),
url(r'gh/', include('gh.urls')),
url(r'', include('rainboard.urls')), url(r'', include('rainboard.urls')),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
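Review bot: The new pattern `r'gh/'` has no `^` anchor, unlike the `admin/` and `accounts/` entries above it. `url()` patterns are applied as a regex search, so this entry matches any request path that contains `gh/` anywhere and routes the remainder into `gh.urls` ahead of `rainboard.urls`. It also does not line up with the `/gh/` prefix that the permission middleware tests for. Use `url(r'^gh/', include('gh.urls')),`.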
"""Module for github app."""
from django.contrib import admin
# Register your models here.
from django.apps import AppConfig
class GhConfig(AppConfig):
name = 'gh'
from django.db import models
# Create your models here.
from django.test import TestCase
# Create your tests here.
"""URLs for Github."""
from django.urls import path
from . import views
urlpatterns = [
path('user-authorization-callback', views.log),
path('webhook', views.webhook),
path('', views.log),
]
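Review bot: Both `user-authorization-callback` and the empty path are wired to `views.log`, which prints the query string, body, cookies, `META` and headers of every request to stdout. For the authorization callback the query string would normally carry the code GitHub issues for the user, so that value, together with any session cookie, lands in the process logs. Giving the callback its own view, and dropping `path('', views.log)` or enabling it only under `settings.DEBUG`, would avoid that. The same applies to the `log(request, ...)` calls at the end of `views.webhook`.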
"""Views for dashboard_apps."""
import hmac
from hashlib import sha1
from ipaddress import ip_address, ip_network
import requests
from django.conf import settings
from django.http import HttpRequest
from django.http.response import HttpResponse, HttpResponseForbidden, HttpResponseServerError
from django.utils.encoding import force_bytes
from django.views.decorators.csrf import csrf_exempt
def log(request: HttpRequest, rep: str = 'ok') -> HttpResponse:
"""Just print everything out."""
print(f'{request = }')
print(f'{request.scheme = }')
print(f'{request.body = }')
print(f'{request.path = }')
print(f'{request.path_info = }')
print(f'{request.method = }')
print(f'{request.encoding = }')
print(f'{request.content_type = }')
print(f'{request.content_params = }')
print(f'{request.GET = }')
print(f'{request.POST = }')
print(f'{request.COOKIES = }')
print(f'{request.META = }')
print(f'{request.headers = }')
return HttpResponse(rep)
@csrf_exempt
def webhook(request: HttpRequest) -> HttpResponse:
"""
Process request incoming from a github webhook.
thx https://simpleisbetterthancomplex.com/tutorial/2016/10/31/how-to-handle-github-webhooks-using-django.html
"""
# validate ip source
forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
networks = requests.get('https://api.github.com/meta').json()['hooks']
if any(ip_address(forwarded_for) in ip_network(net) for net in networks):
print('from github IP')
else:
print('not from github IP')
# validate signature
signature = request.META.get('HTTP_X_HUB_SIGNATURE')
if signature is None:
print('no signature')
else:
algo, signature = signature.split('=')
if algo != 'sha1':
return HttpResponseServerError('I only speak sha1.', status=501)
mac = hmac.new(force_bytes(settings.GITHUB_WEBHOOK_KEY), msg=force_bytes(request.body), digestmod=sha1)
if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(signature)):
return HttpResponseForbidden('wrong signature.')
# process event
event = request.META.get('HTTP_X_GITHUB_EVENT', 'ping')
if event == 'ping':
return log(request, 'pong')
if event == 'push':
return log(request, 'push event detected')
return log(request, event)
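Review bot: A delivery without an `X-Hub-Signature` header only prints 'no signature' in `webhook` and then falls through to event processing, so the HMAC check can be bypassed simply by omitting the header; that branch should return `HttpResponseForbidden`. `signature.split('=')` also raises `ValueError` on a header that does not contain exactly one `=`, which `partition` avoids; both changes are shown in the excerpt below. The source-IP check is advisory as written (both branches only print), `ip_address(forwarded_for)` raises when `X-Forwarded-For` is absent or holds a comma-separated list, and the `requests.get` call to `https://api.github.com/meta` runs on every delivery with no timeout. If the IP check is meant to be enforced, it should use an address set by a trusted proxy and a cached copy of the network list.

```python
    # … unchanged: source-IP check …
    signature = request.META.get('HTTP_X_HUB_SIGNATURE')
    if signature is None:
        # An unsigned delivery must not reach event processing.
        return HttpResponseForbidden('missing signature.')
    algo, _, digest = signature.partition('=')
    # … unchanged: algo check and hmac.new(...) …
    if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(digest)):
        return HttpResponseForbidden('wrong signature.')
    # … unchanged: event dispatch …
```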