prosody-modules
bd3ff802d883
mod_pubsub_github/mod_pubsub_github.lua
Software / code / prosody-modules
File
mod_pubsub_github/mod_pubsub_github.lua @ 6120:bd3ff802d883
mod_anti_spam: Fix another traceback for origin sessions without an IP
This is likely to be the case for stanzas originating from local hosts, for
example (so not true s2s). It should be safe to bypass the IP check for those.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 28 Dec 2024 21:02:08 +0000 |
| parent | 3531:3bece2db869c |
line wrap: on
line source
module:depends("http"); local st = require "util.stanza"; local json = require "util.json"; local hashes = require "util.hashes"; local from_hex = require "util.hex".from; local hmacs = { sha1 = hashes.hmac_sha1; sha256 = hashes.hmac_sha256; sha384 = hashes.hmac_sha384; sha512 = hashes.hmac_sha512; }; local pubsub_service = module:depends("pubsub").service; -- configuration local default_node = module:get_option("github_node", "github"); local node_prefix = module:get_option_string("github_node_prefix", "github/"); local node_mapping = module:get_option_string("github_node_mapping"); local github_actor = module:get_option_string("github_actor") or true; local github_secret = module:get_option("github_secret"); -- validation assert(github_secret, "Please set 'github_secret'"); local error_mapping = { ["forbidden"] = 403; ["item-not-found"] = 404; ["internal-server-error"] = 500; ["conflict"] = 409; }; local function verify_signature(secret, body, signature) if not signature then return false; end local algo, digest = signature:match("^([^=]+)=(%x+)"); if not algo then return false; end local hmac = hmacs[algo]; if not algo then return false; end return hmac(secret, body) == from_hex(digest); end function handle_POST(event) local request, response = event.request, event.response; if not verify_signature(github_secret, request.body, request.headers.x_hub_signature) then module:log("debug", "Signature validation failed"); return 401; end local data = json.decode(request.body); if not data then response.status_code = 400; return "Invalid JSON. From you of all people..."; end local node = default_node; if node_mapping then node = node_prefix .. data.repository[node_mapping]; end local github_event = request.headers.x_github_event or data.object_kind; if not github_event and data.commits then github_event = "push"; -- curl? end module:log("debug", "Handling '%s' event: \n%s\n", github_event, tostring(request.body)); if github_event == "push" then for _, commit in ipairs(data.commits) do local ok, err = pubsub_service:publish(node, github_actor, commit.id, st.stanza("item", { id = commit.id, xmlns = "http://jabber.org/protocol/pubsub" }) :tag("entry", { xmlns = "http://www.w3.org/2005/Atom" }) :tag("id"):text(commit.id):up() :tag("title"):text(commit.message:match("^[^\r\n]*")):up() :tag("summary"):text(("Commit to %s by %s: %s"):format(data.repository.name, commit.author.name, commit.message:match("^[^\r\n]*"))):up() :tag("content"):text(commit.message):up() :tag("link", { rel = "alternate", href = commit.url }):up() :tag("published"):text(commit.author.date):up() :tag("author") :tag("name"):text(commit.author.name):up() :tag("email"):text(commit.author.email):up() :up() ); if not ok then return error_mapping[err] or 500; end end elseif github_event then module:log("debug", "Unsupported Github event %q", github_event); return 501; end response.status_code = 202; return "Thank you Github!"; end module:provides("http", { route = { POST = handle_POST; }; }); if not node_mapping then function module.load() if not pubsub_service.nodes[default_node] then local ok, err = pubsub_service:create(default_node, true); if not ok then module:log("error", "Error creating node: %s", err); else module:log("debug", "Node %q created", default_node); end end end end
