diff options
author | Drew DeVault <sir@cmpwn.com> | 2019-02-14 11:29:09 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2019-02-14 11:29:09 -0500 |
commit | 411c109a0f3b95445097620d21eccbf1cef3267c (patch) | |
tree | 44d9be891f489ed5a10104d044768f714f66b259 | |
parent | 79a2eace360678d8e15ef634f45c531408566c93 (diff) |
Rig up SSH key notify webhook
-rw-r--r-- | gitsrht/app.py | 17 | ||||
-rw-r--r-- | gitsrht/service.py | 39 |
2 files changed, 42 insertions, 14 deletions
diff --git a/gitsrht/app.py b/gitsrht/app.py index a030f08..c4b8663 100644 --- a/gitsrht/app.py +++ b/gitsrht/app.py @@ -6,27 +6,15 @@ from functools import lru_cache from gitsrht import urls from gitsrht.git import commit_time, trim_commit from gitsrht.repos import GitRepoApi -from gitsrht.types import Access, Redirect, Repository, User, OAuthToken +from gitsrht.service import GitOAuthService, webhooks_notify +from gitsrht.types import Access, Redirect, Repository, User from scmsrht.flask import ScmSrhtFlask from srht.config import cfg from srht.database import DbSession -from srht.oauth import AbstractOAuthService db = DbSession(cfg("git.sr.ht", "connection-string")) db.init() -client_id = cfg("git.sr.ht", "oauth-client-id") -client_secret = cfg("git.sr.ht", "oauth-client-secret") -builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None) - -class GitOAuthService(AbstractOAuthService): - def __init__(self): - super().__init__(client_id, client_secret, - required_scopes=["profile"] + ([ - "{}/jobs:write".format(builds_client_id) - ] if builds_client_id else []), - token_class=OAuthToken, user_class=User) - class GitApp(ScmSrhtFlask): def __init__(self): super().__init__("git.sr.ht", __name__, @@ -40,6 +28,7 @@ class GitApp(ScmSrhtFlask): self.register_blueprint(repo) self.register_blueprint(stats) + self.register_blueprint(webhooks_notify) self.add_template_filter(urls.clone_urls) self.add_template_filter(urls.log_rss_url) diff --git a/gitsrht/service.py b/gitsrht/service.py new file mode 100644 index 0000000..67398bd --- /dev/null +++ b/gitsrht/service.py @@ -0,0 +1,39 @@ +from flask import Blueprint, request, url_for +from gitsrht.types import User, OAuthToken +from srht.api import get_results +from srht.config import cfg +from srht.flask import csrf_bypass +from srht.oauth import AbstractOAuthService +import json +import requests + +origin = cfg("git.sr.ht", "origin") +client_id = cfg("git.sr.ht", "oauth-client-id") +client_secret = cfg("git.sr.ht", "oauth-client-secret") +builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None) + +class GitOAuthService(AbstractOAuthService): + def __init__(self): + super().__init__(client_id, client_secret, + required_scopes=["profile", "keys"] + ([ + "{}/jobs:write".format(builds_client_id) + ] if builds_client_id else []), + token_class=OAuthToken, user_class=User) + + def ensure_meta_webhooks(self, user, webhooks): + webhook_url = origin + url_for("webhooks.notify.notify_keys") + webhooks.update({ + webhook_url: ["ssh-key:add", "ssh-key:remove"] + }) + super().ensure_meta_webhooks(user, webhooks) + +webhooks_notify = Blueprint("webhooks.notify", __name__) + +@csrf_bypass +@webhooks_notify.route("/webhook/notify/keys", methods=["POST"]) +def notify_keys(): + payload = json.loads(request.data.decode('utf-8')) + event = request.headers.get("X-Webhook-Event") + # TODO: Store these keys in the database + print(event, payload) + return "Thanks!" |