YunoHost/yunorunner
1
0
Fork 0
mirror of https://github.com/YunoHost/yunorunner.git synced 2024-09-03 20:05:52 +02:00
Code Issues Projects Releases Packages Wiki Activity

Remove github_bot_token and github_webhook_secret files, read values from config

Browse source
This commit is contained in:
Salamandar 2024-07-24 19:56:20 +02:00
parent cd649f1694
commit f9b3af4f77
1 changed files with 7 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
run.py
View file

@ -1532,11 +1532,8 @@ async def github_get(request):
async def github(request): async def github(request):
# Abort directly if no secret opened # Abort directly if no secret opened
# (which also allows to only enable this feature if # (which also allows to only enable this feature if we define the webhook secret)
# we define the webhook secret) if app.config.GITHUB_WEBHOOK_SECRET is None:
if not os.path.exists("./github_webhook_secret") or not os.path.exists(
"./github_bot_token"
):
api_logger.info( api_logger.info(
f"Received a webhook but no ./github_webhook_secret or ./github_bot_token file exists ... ignoring" f"Received a webhook but no ./github_webhook_secret or ./github_bot_token file exists ... ignoring"
) )
@ -1555,9 +1552,8 @@ async def github(request):
) )
return response.json({"error": "Signing algorightm is not sha1 ?!"}, 501) return response.json({"error": "Signing algorightm is not sha1 ?!"}, 501)
secret = open("./github_webhook_secret", "r").read().strip()
# HMAC requires the key to be bytes, but data is string # HMAC requires the key to be bytes, but data is string
mac = hmac.new(secret.encode(), msg=request.body, digestmod=hashlib.sha1) mac = hmac.new(app.config.GITHUB_WEBHOOK_SECRET.encode(), msg=request.body, digestmod=hashlib.sha1)
if not hmac.compare_digest(str(mac.hexdigest()), str(signature)): if not hmac.compare_digest(str(mac.hexdigest()), str(signature)):
api_logger.info( api_logger.info(
@ -1591,10 +1587,9 @@ async def github(request):
# We need a token an we can't rely on "author_association" because sometimes, users are members in Private, # We need a token an we can't rely on "author_association" because sometimes, users are members in Private,
# which is not represented in the original webhook # which is not represented in the original webhook
async def is_user_in_organization(user): async def is_user_in_organization(user):
token = open("./github_bot_token").read().strip()
async with aiohttp.ClientSession( async with aiohttp.ClientSession(
headers={ headers={
"Authorization": f"token {token}", "Authorization": f"token {app.config.GITHUB_COMMIT_STATUS_TOKEN}",
"Accept": "application/vnd.github.v3+json", "Accept": "application/vnd.github.v3+json",
} }
) as session: ) as session:
@ -1669,9 +1664,8 @@ async def github(request):
else: else:
comments_url = hook_infos["pull_request"]["comments_url"] comments_url = hook_infos["pull_request"]["comments_url"]
token = open("./github_bot_token").read().strip()
async with aiohttp.ClientSession( async with aiohttp.ClientSession(
headers={"Authorization": f"token {token}"} headers={"Authorization": f"token {app.config.GITHUB_COMMIT_STATUS_TOKEN}"}
) as session: ) as session:
async with session.post( async with session.post(
comments_url, data=my_json_dumps({"body": body}) comments_url, data=my_json_dumps({"body": body})
@ -1782,7 +1776,8 @@ def main(config="./config.py"):
":v:", ":v:",
":stuck_out_tongue_winking_eye:", ":stuck_out_tongue_winking_eye:",
], ],
"GITHUB_COMMIT_STATUS_TOKEN": None "GITHUB_COMMIT_STATUS_TOKEN": None,
"GITHUB_WEBHOOK_SECRET": None
} }
app.config.update_config(default_config) app.config.update_config(default_config)