From 6686cfa10fe670603e13087e5d7fb7aa1b73e933 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Tue, 9 Apr 2019 20:12:47 -0400 Subject: Update to use core.sr.ht's get_origin --- config.example.ini | 11 +++++++++++ gitsrht-keys | 4 ++-- gitsrht/service.py | 6 ++++-- gitsrht/templates/index.html | 2 +- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/config.example.ini b/config.example.ini index 22b62c7..a5806b7 100644 --- a/config.example.ini +++ b/config.example.ini @@ -40,6 +40,17 @@ pgp-privkey= pgp-pubkey= pgp-key-id= +[webhooks] +# +# base64-encoded Ed25519 key for signing webhook payloads. This should be +# consistent for all *.sr.ht sites, as we'll use this key to verify signatures +# from other sites in your network. +# +# Use the srht-webhook-keygen command to generate a key. +# +# If omitted, webhook payloads are unsigned. +private-key= + [git.sr.ht] # # URL git.sr.ht is being served at (protocol://domain) diff --git a/gitsrht-keys b/gitsrht-keys index 8a18a77..3258f3d 100755 --- a/gitsrht-keys +++ b/gitsrht-keys @@ -3,7 +3,7 @@ import os import sys import requests from srht.api import get_results -from srht.config import cfg +from srht.config import cfg, get_origin from srht.database import DbSession db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User, SSHKey @@ -18,7 +18,7 @@ user = (User.query.join(SSHKey) .filter(SSHKey.key.ilike(f"%{b64key}%"))).one_or_none() if not user: # Fall back to meta.sr.ht first - meta_origin = cfg("meta.sr.ht", "origin") + meta_origin = get_origin("meta.sr.ht") r = requests.get(f"{meta_origin}/api/ssh-key/{b64key}") if r.status_code == 200: username = r.json()["owner"]["name"] diff --git a/gitsrht/service.py b/gitsrht/service.py index d73f4ad..c8a92e9 100644 --- a/gitsrht/service.py +++ b/gitsrht/service.py @@ -1,15 +1,16 @@ from flask import Blueprint, request, url_for from gitsrht.types import User, OAuthToken, SSHKey +from scmsrht.oauth import delegated_scopes as scm_scopes from srht.api import get_results from srht.database import db -from srht.config import cfg +from srht.config import cfg, get_origin from srht.flask import csrf_bypass from srht.oauth import AbstractOAuthService import json import requests origin = cfg("git.sr.ht", "origin") -meta_origin = cfg("meta.sr.ht", "origin") +meta_origin = get_origin("meta.sr.ht") client_id = cfg("git.sr.ht", "oauth-client-id") client_secret = cfg("git.sr.ht", "oauth-client-secret") builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None) @@ -20,6 +21,7 @@ class GitOAuthService(AbstractOAuthService): required_scopes=["profile", "keys"] + ([ "{}/jobs:write".format(builds_client_id) ] if builds_client_id else []), + delegated_scopes=scm_scopes, token_class=OAuthToken, user_class=User) def ensure_user_sshkey(self, user, meta_key): diff --git a/gitsrht/templates/index.html b/gitsrht/templates/index.html index 8d534c5..8024b18 100644 --- a/gitsrht/templates/index.html +++ b/gitsrht/templates/index.html @@ -23,7 +23,7 @@ Register here {{icon('caret-right')}} or -- cgit v1.2.3