woodpecker-config-service/main.go
2022-06-01 20:38:04 +02:00

125 lines
3.0 KiB
Go

package main
import (
"crypto/ed25519"
_ "embed"
"encoding/hex"
"encoding/json"
"io/ioutil"
"log"
"net/http"
"os"
"regexp"
"github.com/go-ap/httpsig"
"github.com/joho/godotenv"
"github.com/woodpecker-ci/woodpecker/server/model"
)
type config struct {
Name string `json:"name"`
Data string `json:"data"`
}
type incoming struct {
Repo *model.Repo `json:"repo"`
Build *model.Build `json:"build"`
Configuration []*config `json:"configs"`
}
//go:embed central-pipeline-config.yml
var overrideConfiguration string
func main() {
log.Println("Woodpecker central config server")
err := godotenv.Load()
if err != nil {
log.Fatalf("Error loading .env file: %v", err)
}
pubKeyPath := os.Getenv("CONFIG_SERVICE_PUBLIC_KEY_FILE")
host := os.Getenv("CONFIG_SERVICE_HOST")
filterRegex := os.Getenv("CONFIG_SERVICE_OVERRIDE_FILTER")
if pubKeyPath == "" && host == "" {
log.Fatal("Please make sure CONFIG_SERVICE_HOST and CONFIG_SERVICE_PUBLIC_KEY_FILE are set properly")
}
pubKeyRaw, err := ioutil.ReadFile(pubKeyPath)
if err != nil {
log.Fatal("Failed to read public key file")
}
pubKeyStr, err := hex.DecodeString(string(pubKeyRaw))
if err != nil {
log.Fatal("Failed to decode public key")
}
pubKey := ed25519.PublicKey(pubKeyStr)
filter := regexp.MustCompile(filterRegex)
http.HandleFunc("/ciconfig", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
// check signature
pubKeyID := "woodpecker-ci-plugins"
keystore := httpsig.NewMemoryKeyStore()
keystore.SetKey(pubKeyID, pubKey)
verifier := httpsig.NewVerifier(keystore)
verifier.SetRequiredHeaders([]string{"(request-target)", "date"})
keyID, err := verifier.Verify(r)
if err != nil {
log.Printf("config: invalid or missing signature in http.Request")
http.Error(w, "Invalid or Missing Signature", http.StatusBadRequest)
return
}
if keyID != pubKeyID {
log.Printf("config: invalid signature in http.Request")
http.Error(w, "Invalid Signature", http.StatusBadRequest)
return
}
var req incoming
body, err := ioutil.ReadAll(r.Body)
if err != nil {
log.Printf("Error reading body: %v", err)
http.Error(w, "can't read body", http.StatusBadRequest)
return
}
err = json.Unmarshal(body, &req)
if err != nil {
http.Error(w, "Failed to parse JSON"+err.Error(), http.StatusBadRequest)
return
}
if filter.MatchString(req.Repo.Name) {
w.WriteHeader(http.StatusOK)
err = json.NewEncoder(w).Encode(map[string]interface{}{"configs": []config{
{
Name: "central pipe",
Data: overrideConfiguration,
},
}})
if err != nil {
log.Printf("Error on encoding json %v\n", err)
}
} else {
w.WriteHeader(http.StatusNoContent) // use default config
// No need to write a response body
}
})
err = http.ListenAndServe(os.Getenv("CONFIG_SERVICE_HOST"), nil)
if err != nil {
log.Fatalf("Error on listen: %v", err)
}
}