2019-11-01 23:51:22 +01:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2022-11-27 19:20:29 +01:00
|
|
|
// SPDX-License-Identifier: MIT
|
2019-11-01 23:51:22 +01:00
|
|
|
|
|
|
|
|
package webhook
|
|
|
|
|
|
|
|
|
|
import (
|
2019-12-15 10:51:28 +01:00
|
|
|
"context"
|
2019-11-01 23:51:22 +01:00
|
|
|
"crypto/tls"
|
|
|
|
|
"fmt"
|
2021-06-27 21:21:09 +02:00
|
|
|
"io"
|
2019-11-01 23:51:22 +01:00
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
|
|
|
|
"strings"
|
2019-11-08 22:25:53 +01:00
|
|
|
"sync"
|
2019-11-01 23:51:22 +01:00
|
|
|
"time"
|
|
|
|
|
|
2021-11-10 06:13:16 +01:00
|
|
|
webhook_model "code.gitea.io/gitea/models/webhook"
|
2019-12-15 10:51:28 +01:00
|
|
|
"code.gitea.io/gitea/modules/graceful"
|
2021-11-20 10:34:05 +01:00
|
|
|
"code.gitea.io/gitea/modules/hostmatcher"
|
2019-11-01 23:51:22 +01:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2022-11-23 15:10:04 +01:00
|
|
|
"code.gitea.io/gitea/modules/process"
|
2021-08-18 15:10:39 +02:00
|
|
|
"code.gitea.io/gitea/modules/proxy"
|
2022-04-25 20:03:01 +02:00
|
|
|
"code.gitea.io/gitea/modules/queue"
|
2019-11-01 23:51:22 +01:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2023-05-04 01:53:43 +02:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2023-01-01 16:23:15 +01:00
|
|
|
webhook_module "code.gitea.io/gitea/modules/webhook"
|
2021-11-10 06:13:16 +01:00
|
|
|
|
2019-11-08 22:25:53 +01:00
|
|
|
"github.com/gobwas/glob"
|
2019-11-01 23:51:22 +01:00
|
|
|
)
|
|
|
|
|
|
2024-03-07 23:18:38 +01:00
|
|
|
// Deliver creates the [http.Request] (depending on the webhook type), sends it
|
|
|
|
|
// and records the status and response.
|
|
|
|
|
func Deliver(ctx context.Context, t *webhook_model.HookTask) error {
|
|
|
|
|
w, err := webhook_model.GetWebhookByID(ctx, t.HookID)
|
2022-11-03 19:23:20 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-03-07 23:18:38 +01:00
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
|
err := recover()
|
|
|
|
|
if err == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
// There was a panic whilst delivering a hook...
|
|
|
|
|
log.Error("PANIC whilst trying to deliver webhook task[%d] to webhook %s Panic: %v\nStacktrace: %s", t.ID, w.URL, err, log.Stack(2))
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
t.IsDelivered = true
|
|
|
|
|
|
2024-03-20 15:44:01 +01:00
|
|
|
handler := GetWebhookHandler(w.Type)
|
|
|
|
|
if handler == nil {
|
|
|
|
|
return fmt.Errorf("GetWebhookHandler %q", w.Type)
|
|
|
|
|
}
|
|
|
|
|
if t.PayloadVersion == 1 {
|
|
|
|
|
handler = defaultHandler{true}
|
2024-03-07 23:18:38 +01:00
|
|
|
}
|
|
|
|
|
|
2024-03-20 15:44:01 +01:00
|
|
|
req, body, err := handler.NewRequest(ctx, w, t)
|
2024-03-07 23:18:38 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("cannot create http request for webhook %s[%d %s]: %w", w.Type, w.ID, w.URL, err)
|
2022-11-03 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
2019-11-01 23:51:22 +01:00
|
|
|
// Record delivery information.
|
2021-11-10 06:13:16 +01:00
|
|
|
t.RequestInfo = &webhook_model.HookRequest{
|
2021-06-27 21:21:09 +02:00
|
|
|
URL: req.URL.String(),
|
|
|
|
|
HTTPMethod: req.Method,
|
|
|
|
|
Headers: map[string]string{},
|
2024-03-07 23:18:38 +01:00
|
|
|
Body: string(body),
|
2019-11-01 23:51:22 +01:00
|
|
|
}
|
|
|
|
|
for k, vals := range req.Header {
|
|
|
|
|
t.RequestInfo.Headers[k] = strings.Join(vals, ",")
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-07 23:18:38 +01:00
|
|
|
// Add Authorization Header
|
|
|
|
|
authorization, err := w.HeaderAuthorization()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("cannot get Authorization header for webhook %s[%d %s]: %w", w.Type, w.ID, w.URL, err)
|
|
|
|
|
}
|
|
|
|
|
if authorization != "" {
|
|
|
|
|
req.Header.Set("Authorization", authorization)
|
|
|
|
|
t.RequestInfo.Headers["Authorization"] = "******"
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-10 06:13:16 +01:00
|
|
|
t.ResponseInfo = &webhook_model.HookResponse{
|
2019-11-01 23:51:22 +01:00
|
|
|
Headers: map[string]string{},
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-23 15:10:04 +01:00
|
|
|
// OK We're now ready to attempt to deliver the task - we must double check that it
|
|
|
|
|
// has not been delivered in the meantime
|
|
|
|
|
updated, err := webhook_model.MarkTaskDelivered(ctx, t)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Error("MarkTaskDelivered[%d]: %v", t.ID, err)
|
|
|
|
|
return fmt.Errorf("unable to mark task[%d] delivered in the db: %w", t.ID, err)
|
|
|
|
|
}
|
|
|
|
|
if !updated {
|
|
|
|
|
// This webhook task has already been attempted to be delivered or is in the process of being delivered
|
|
|
|
|
log.Trace("Webhook Task[%d] already delivered", t.ID)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// All code from this point will update the hook task
|
2019-11-01 23:51:22 +01:00
|
|
|
defer func() {
|
2023-05-04 01:53:43 +02:00
|
|
|
t.Delivered = timeutil.TimeStampNanoNow()
|
2019-11-01 23:51:22 +01:00
|
|
|
if t.IsSucceed {
|
|
|
|
|
log.Trace("Hook delivered: %s", t.UUID)
|
2022-03-28 05:17:21 +02:00
|
|
|
} else if !w.IsActive {
|
|
|
|
|
log.Trace("Hook delivery skipped as webhook is inactive: %s", t.UUID)
|
2019-11-01 23:51:22 +01:00
|
|
|
} else {
|
|
|
|
|
log.Trace("Hook delivery failed: %s", t.UUID)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-14 10:37:24 +02:00
|
|
|
if err := webhook_model.UpdateHookTask(ctx, t); err != nil {
|
2019-11-01 23:51:22 +01:00
|
|
|
log.Error("UpdateHookTask [%d]: %v", t.ID, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update webhook last delivery status.
|
|
|
|
|
if t.IsSucceed {
|
2023-01-01 16:23:15 +01:00
|
|
|
w.LastStatus = webhook_module.HookStatusSucceed
|
2019-11-01 23:51:22 +01:00
|
|
|
} else {
|
2023-01-01 16:23:15 +01:00
|
|
|
w.LastStatus = webhook_module.HookStatusFail
|
2019-11-01 23:51:22 +01:00
|
|
|
}
|
2023-10-14 10:37:24 +02:00
|
|
|
if err = webhook_model.UpdateWebhookLastStatus(ctx, w); err != nil {
|
2019-11-01 23:51:22 +01:00
|
|
|
log.Error("UpdateWebhookLastStatus: %v", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2021-02-11 18:34:34 +01:00
|
|
|
if setting.DisableWebhooks {
|
2021-11-20 10:34:05 +01:00
|
|
|
return fmt.Errorf("webhook task skipped (webhooks disabled): [%d]", t.ID)
|
2021-02-11 18:34:34 +01:00
|
|
|
}
|
|
|
|
|
|
2022-03-28 05:17:21 +02:00
|
|
|
if !w.IsActive {
|
2022-11-23 15:10:04 +01:00
|
|
|
log.Trace("Webhook %s in Webhook Task[%d] is not active", w.URL, t.ID)
|
2022-03-28 05:17:21 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 19:01:43 +02:00
|
|
|
resp, err := webhookHTTPClient.Do(req.WithContext(ctx))
|
2019-11-01 23:51:22 +01:00
|
|
|
if err != nil {
|
|
|
|
|
t.ResponseInfo.Body = fmt.Sprintf("Delivery: %v", err)
|
2022-11-23 15:10:04 +01:00
|
|
|
return fmt.Errorf("unable to deliver webhook task[%d] in %s due to error in http client: %w", t.ID, w.URL, err)
|
2019-11-01 23:51:22 +01:00
|
|
|
}
|
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
|
|
// Status code is 20x can be seen as succeed.
|
|
|
|
|
t.IsSucceed = resp.StatusCode/100 == 2
|
|
|
|
|
t.ResponseInfo.Status = resp.StatusCode
|
|
|
|
|
for k, vals := range resp.Header {
|
|
|
|
|
t.ResponseInfo.Headers[k] = strings.Join(vals, ",")
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-22 07:38:34 +02:00
|
|
|
p, err := io.ReadAll(resp.Body)
|
2019-11-01 23:51:22 +01:00
|
|
|
if err != nil {
|
|
|
|
|
t.ResponseInfo.Body = fmt.Sprintf("read body: %s", err)
|
2022-11-23 15:10:04 +01:00
|
|
|
return fmt.Errorf("unable to deliver webhook task[%d] in %s as unable to read response body: %w", t.ID, w.URL, err)
|
2019-11-01 23:51:22 +01:00
|
|
|
}
|
|
|
|
|
t.ResponseInfo.Body = string(p)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 22:25:53 +01:00
|
|
|
var (
|
|
|
|
|
webhookHTTPClient *http.Client
|
|
|
|
|
once sync.Once
|
|
|
|
|
hostMatchers []glob.Glob
|
|
|
|
|
)
|
|
|
|
|
|
2023-10-18 11:44:36 +02:00
|
|
|
func webhookProxy(allowList *hostmatcher.HostMatchList) func(req *http.Request) (*url.URL, error) {
|
2019-11-08 22:25:53 +01:00
|
|
|
if setting.Webhook.ProxyURL == "" {
|
2021-08-18 15:10:39 +02:00
|
|
|
return proxy.Proxy()
|
2019-11-08 22:25:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
once.Do(func() {
|
|
|
|
|
for _, h := range setting.Webhook.ProxyHosts {
|
|
|
|
|
if g, err := glob.Compile(h); err == nil {
|
|
|
|
|
hostMatchers = append(hostMatchers, g)
|
|
|
|
|
} else {
|
|
|
|
|
log.Error("glob.Compile %s failed: %v", h, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return func(req *http.Request) (*url.URL, error) {
|
|
|
|
|
for _, v := range hostMatchers {
|
|
|
|
|
if v.Match(req.URL.Host) {
|
2023-10-18 11:44:36 +02:00
|
|
|
if !allowList.MatchHostName(req.URL.Host) {
|
|
|
|
|
return nil, fmt.Errorf("webhook can only call allowed HTTP servers (check your %s setting), deny '%s'", allowList.SettingKeyHint, req.URL.Host)
|
|
|
|
|
}
|
2019-11-08 22:25:53 +01:00
|
|
|
return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return http.ProxyFromEnvironment(req)
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-11-01 23:51:22 +01:00
|
|
|
|
2022-04-25 20:03:01 +02:00
|
|
|
// Init starts the hooks delivery thread
|
|
|
|
|
func Init() error {
|
2019-11-01 23:51:22 +01:00
|
|
|
timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second
|
|
|
|
|
|
2021-11-20 10:34:05 +01:00
|
|
|
allowedHostListValue := setting.Webhook.AllowedHostList
|
|
|
|
|
if allowedHostListValue == "" {
|
|
|
|
|
allowedHostListValue = hostmatcher.MatchBuiltinExternal
|
|
|
|
|
}
|
|
|
|
|
allowedHostMatcher := hostmatcher.ParseHostMatchList("webhook.ALLOWED_HOST_LIST", allowedHostListValue)
|
|
|
|
|
|
2019-11-01 23:51:22 +01:00
|
|
|
webhookHTTPClient = &http.Client{
|
2021-11-01 09:39:52 +01:00
|
|
|
Timeout: timeout,
|
2019-11-01 23:51:22 +01:00
|
|
|
Transport: &http.Transport{
|
|
|
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
|
2023-10-18 11:44:36 +02:00
|
|
|
Proxy: webhookProxy(allowedHostMatcher),
|
|
|
|
|
DialContext: hostmatcher.NewDialContextWithProxy("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
|
2019-11-01 23:51:22 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
Improve queue and logger context (#24924)
Before there was a "graceful function": RunWithShutdownFns, it's mainly
for some modules which doesn't support context.
The old queue system doesn't work well with context, so the old queues
need it.
After the queue refactoring, the new queue works with context well, so,
use Golang context as much as possible, the `RunWithShutdownFns` could
be removed (replaced by RunWithCancel for context cancel mechanism), the
related code could be simplified.
This PR also fixes some legacy queue-init problems, eg:
* typo : archiver: "unable to create codes indexer queue" => "unable to
create repo-archive queue"
* no nil check for failed queues, which causes unfriendly panic
After this PR, many goroutines could have better display name:
2023-05-26 09:31:55 +02:00
|
|
|
hookQueue = queue.CreateUniqueQueue(graceful.GetManager().ShutdownContext(), "webhook_sender", handler)
|
2022-04-25 20:03:01 +02:00
|
|
|
if hookQueue == nil {
|
Improve queue and logger context (#24924)
Before there was a "graceful function": RunWithShutdownFns, it's mainly
for some modules which doesn't support context.
The old queue system doesn't work well with context, so the old queues
need it.
After the queue refactoring, the new queue works with context well, so,
use Golang context as much as possible, the `RunWithShutdownFns` could
be removed (replaced by RunWithCancel for context cancel mechanism), the
related code could be simplified.
This PR also fixes some legacy queue-init problems, eg:
* typo : archiver: "unable to create codes indexer queue" => "unable to
create repo-archive queue"
* no nil check for failed queues, which causes unfriendly panic
After this PR, many goroutines could have better display name:
2023-05-26 09:31:55 +02:00
|
|
|
return fmt.Errorf("unable to create webhook_sender queue")
|
2022-04-25 20:03:01 +02:00
|
|
|
}
|
Improve queue and logger context (#24924)
Before there was a "graceful function": RunWithShutdownFns, it's mainly
for some modules which doesn't support context.
The old queue system doesn't work well with context, so the old queues
need it.
After the queue refactoring, the new queue works with context well, so,
use Golang context as much as possible, the `RunWithShutdownFns` could
be removed (replaced by RunWithCancel for context cancel mechanism), the
related code could be simplified.
This PR also fixes some legacy queue-init problems, eg:
* typo : archiver: "unable to create codes indexer queue" => "unable to
create repo-archive queue"
* no nil check for failed queues, which causes unfriendly panic
After this PR, many goroutines could have better display name:
2023-05-26 09:31:55 +02:00
|
|
|
go graceful.GetManager().RunWithCancel(hookQueue)
|
2022-04-25 20:03:01 +02:00
|
|
|
|
2022-11-23 15:10:04 +01:00
|
|
|
go graceful.GetManager().RunWithShutdownContext(populateWebhookSendingQueue)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func populateWebhookSendingQueue(ctx context.Context) {
|
|
|
|
|
ctx, _, finished := process.GetManager().AddContext(ctx, "Webhook: Populate sending queue")
|
|
|
|
|
defer finished()
|
2022-10-21 18:21:56 +02:00
|
|
|
|
2022-11-23 15:10:04 +01:00
|
|
|
lowerID := int64(0)
|
|
|
|
|
for {
|
|
|
|
|
taskIDs, err := webhook_model.FindUndeliveredHookTaskIDs(ctx, lowerID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Unable to populate webhook queue as FindUndeliveredHookTaskIDs failed: %v", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(taskIDs) == 0 {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
lowerID = taskIDs[len(taskIDs)-1]
|
|
|
|
|
|
|
|
|
|
for _, taskID := range taskIDs {
|
|
|
|
|
select {
|
|
|
|
|
case <-ctx.Done():
|
|
|
|
|
log.Warn("Shutdown before Webhook Sending queue finishing being populated")
|
|
|
|
|
return
|
|
|
|
|
default:
|
|
|
|
|
}
|
|
|
|
|
if err := enqueueHookTask(taskID); err != nil {
|
|
|
|
|
log.Error("Unable to push HookTask[%d] to the Webhook Sending queue: %v", taskID, err)
|
|
|
|
|
}
|
2022-10-21 18:21:56 +02:00
|
|
|
}
|
|
|
|
|
}
|
2019-11-01 23:51:22 +01:00
|
|
|
}
|
