125 lines
3.0 KiB
Go
125 lines
3.0 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/ed25519"
|
|
_ "embed"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"regexp"
|
|
|
|
"github.com/go-ap/httpsig"
|
|
"github.com/joho/godotenv"
|
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
|
)
|
|
|
|
type config struct {
|
|
Name string `json:"name"`
|
|
Data string `json:"data"`
|
|
}
|
|
|
|
type incoming struct {
|
|
Repo *model.Repo `json:"repo"`
|
|
Build *model.Build `json:"build"`
|
|
Configuration []*config `json:"configs"`
|
|
}
|
|
|
|
//go:embed central-pipeline-config.yml
|
|
var overrideConfiguration string
|
|
|
|
func main() {
|
|
log.Println("Woodpecker central config server")
|
|
|
|
err := godotenv.Load()
|
|
if err != nil {
|
|
log.Fatalf("Error loading .env file: %v", err)
|
|
}
|
|
|
|
pubKeyPath := os.Getenv("CONFIG_SERVICE_PUBLIC_KEY_FILE")
|
|
host := os.Getenv("CONFIG_SERVICE_HOST")
|
|
filterRegex := os.Getenv("CONFIG_SERVICE_OVERRIDE_FILTER")
|
|
|
|
if pubKeyPath == "" && host == "" {
|
|
log.Fatal("Please make sure CONFIG_SERVICE_HOST and CONFIG_SERVICE_PUBLIC_KEY_FILE are set properly")
|
|
}
|
|
|
|
pubKeyRaw, err := ioutil.ReadFile(pubKeyPath)
|
|
if err != nil {
|
|
log.Fatal("Failed to read public key file")
|
|
}
|
|
pubKeyStr, err := hex.DecodeString(string(pubKeyRaw))
|
|
if err != nil {
|
|
log.Fatal("Failed to decode public key")
|
|
}
|
|
pubKey := ed25519.PublicKey(pubKeyStr)
|
|
|
|
filter := regexp.MustCompile(filterRegex)
|
|
|
|
http.HandleFunc("/ciconfig", func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
// check signature
|
|
pubKeyID := "woodpecker-ci-plugins"
|
|
|
|
keystore := httpsig.NewMemoryKeyStore()
|
|
keystore.SetKey(pubKeyID, pubKey)
|
|
|
|
verifier := httpsig.NewVerifier(keystore)
|
|
verifier.SetRequiredHeaders([]string{"(request-target)", "date"})
|
|
|
|
keyID, err := verifier.Verify(r)
|
|
if err != nil {
|
|
log.Printf("config: invalid or missing signature in http.Request")
|
|
http.Error(w, "Invalid or Missing Signature", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if keyID != pubKeyID {
|
|
log.Printf("config: invalid signature in http.Request")
|
|
http.Error(w, "Invalid Signature", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var req incoming
|
|
body, err := ioutil.ReadAll(r.Body)
|
|
if err != nil {
|
|
log.Printf("Error reading body: %v", err)
|
|
http.Error(w, "can't read body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
err = json.Unmarshal(body, &req)
|
|
if err != nil {
|
|
http.Error(w, "Failed to parse JSON"+err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if filter.MatchString(req.Repo.Name) {
|
|
w.WriteHeader(http.StatusOK)
|
|
err = json.NewEncoder(w).Encode(map[string]interface{}{"configs": []config{
|
|
{
|
|
Name: "central pipe",
|
|
Data: overrideConfiguration,
|
|
},
|
|
}})
|
|
if err != nil {
|
|
log.Printf("Error on encoding json %v\n", err)
|
|
}
|
|
} else {
|
|
w.WriteHeader(http.StatusNoContent) // use default config
|
|
// No need to write a response body
|
|
}
|
|
|
|
})
|
|
|
|
err = http.ListenAndServe(os.Getenv("CONFIG_SERVICE_HOST"), nil)
|
|
if err != nil {
|
|
log.Fatalf("Error on listen: %v", err)
|
|
}
|
|
}
|