|
Pierre-Yves Chibon |
b5fb9a |
Using web-hooks
|
|
Pierre-Yves Chibon |
b5fb9a |
===============
|
|
Pierre-Yves Chibon |
b5fb9a |
|
|
Pierre-Yves Chibon |
b5fb9a |
Web-hooks are a notification system that could be compared to a callback.
|
|
Pierre-Yves Chibon |
b5fb9a |
Basically, pagure will make a HTTP POST request to one or more third party
|
|
Pierre-Yves Chibon |
b5fb9a |
server/application with information about what is or just happened.
|
|
Pierre-Yves Chibon |
f694ba |
|
|
Sergio Durigan Junior |
55ceba |
Activating web-hooks notifications
|
|
Pierre-Yves Chibon |
28bff3 |
--------------------------------
|
|
Pierre-Yves Chibon |
28bff3 |
|
|
Pierre-Yves Chibon |
f694ba |
To set-up a web-hook, simply go to the settings page of your project and
|
|
Pierre-Yves Chibon |
67f938 |
enter the URL to the server/endpoint that will receive the notifications.
|
|
Pierre-Yves Chibon |
28bff3 |
If you wish to enter multiple URLs, enter one per line.
|
|
Pierre-Yves Chibon |
28bff3 |
To stop all notifications, clear out that field.
|
|
Pierre-Yves Chibon |
28bff3 |
|
|
Pierre-Yves Chibon |
28bff3 |
Pagure will send a notification to this/these URL(s) for every action made
|
|
Pierre-Yves Chibon |
28bff3 |
on this project: new issue, new pull-request, new comments, new commits...
|
|
Pierre-Yves Chibon |
28bff3 |
|
|
Pierre-Yves Chibon |
28bff3 |
.. note:: The notifications sent via web-hooks have the same payload as the
|
|
Pierre-Yves Chibon |
28bff3 |
notifications sent via `fedmsg <http: en="" latest="" www.fedmsg.com="">`_.</http:>
|
|
Pierre-Yves Chibon |
28bff3 |
Therefore, the list of pagure topics as well as example messages can be
|
|
Pierre-Yves Chibon |
28bff3 |
found in the `fedmsg documentation about pagure
|
|
Pierre-Yves Chibon |
28bff3 |
<https: en="" fedora-fedmsg.readthedocs.io="" latest="" topics.html#id550="">`_</https:>
|
|
Pierre-Yves Chibon |
28bff3 |
|
|
Pierre-Yves Chibon |
28bff3 |
Authenticating the notifications
|
|
Pierre-Yves Chibon |
28bff3 |
--------------------------------
|
|
Pierre-Yves Chibon |
f694ba |
|
|
Pierre-Yves Chibon |
67f938 |
There is, in the settings page, a web-hook key which is used by the
|
|
Pierre-Yves Chibon |
67f938 |
server (here pagure) to sign the message sent and which you can use to
|
|
Pierre-Yves Chibon |
67f938 |
ensure the notifications received are coming from the right source.
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
d28610 |
Each POST request made contains some specific headers:
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
414e87 |
::
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
d28610 |
X-Pagure
|
|
Pierre-Yves Chibon |
d28610 |
X-Pagure-Project
|
|
Pierre-Yves Chibon |
414e87 |
X-Pagure-Signature
|
|
Patrick Uiterwijk |
e99b9a |
X-Pagure-Signature-256
|
|
Pierre-Yves Chibon |
d28610 |
X-Pagure-Topic
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
d28610 |
``X-Pagure`` contains URL of the pagure instance sending this notification.
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
d28610 |
``X-Pagure-Project`` contains the name of the project on that pagure instance.
|
|
Pierre-Yves Chibon |
414e87 |
|
|
Pierre-Yves Chibon |
414e87 |
``X-Pagure-Signature`` contains the signature of the message allowing to
|
|
Pierre-Yves Chibon |
414e87 |
check that the message comes from pagure.
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Patrick Uiterwijk |
e99b9a |
``X-Pagure-Signature-256`` contains the SHA-256 signature of the message
|
|
Patrick Uiterwijk |
e99b9a |
allowing to check that the message comes from pagure.
|
|
Patrick Uiterwijk |
e99b9a |
|
|
Patrick Uiterwijk |
213059 |
.. note:: These headers are present to allow you to verify that the webhook
|
|
Patrick Uiterwijk |
213059 |
was actually sent by the correct Pagure instance. These are not
|
|
Patrick Uiterwijk |
213059 |
included in the signed data.
|
|
Patrick Uiterwijk |
213059 |
|
|
Pierre-Yves Chibon |
d28610 |
``X-Pagure-Topic`` is a global header giving a clue about the type of action
|
|
Pierre-Yves Chibon |
d28610 |
that just occurred. For example ``issue.edit``.
|
|
Pierre-Yves Chibon |
d28610 |
|
|
Pierre-Yves Chibon |
d28610 |
.. warning:: The headers ``X-Pagure``, ``X-Pagure-Project`` and ``X-Pagure-Topic``
|
|
Pierre-Yves Chibon |
d28610 |
are present for convenience only, they are not signed and therefore
|
|
Pierre-Yves Chibon |
d28610 |
should not be trusted. Rely on the payload after checking the
|
|
Pierre-Yves Chibon |
d28610 |
signature to make any decision.
|
|
Pierre-Yves Chibon |
d28610 |
|
|
Pierre-Yves Chibon |
72c25a |
Pagure relies on ``hmac`` to sign the content of its messages. If you want
|
|
Pierre-Yves Chibon |
ed2aeb |
to validate the message, in python, you can do something like the following:
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Pierre-Yves Chibon |
72c25a |
::
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Pierre-Yves Chibon |
72c25a |
import hmac
|
|
Pierre-Yves Chibon |
010886 |
import hashlib
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Pierre-Yves Chibon |
72c25a |
payload = # content you received in the POST request
|
|
Pierre-Yves Chibon |
72c25a |
headers = # headers of the POST request
|
|
Pierre-Yves Chibon |
72c25a |
project_web_hook_key = # private web-hook key of the project
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Pierre-Yves Chibon |
72c25a |
hashhex = hmac.new(
|
|
Pierre-Yves Chibon |
72c25a |
str(project_web_hook_key), payload, hashlib.sha1).hexdigest()
|
|
Pierre-Yves Chibon |
72c25a |
|
|
Pierre-Yves Chibon |
72c25a |
if hashhex != headers.get('X-Pagure-Signature'):
|
|
Pierre-Yves Chibon |
72c25a |
raise Exception('Message received with an invalid signature')
|