Mirror
/
go-neb
mirror of https://github.com/matrix-org/go-neb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
577 Commits
120 Branches
3 Tags
12 MiB
Tree: 6409b00205
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6409b00205'
${ noResults }
go-neb/services/jira/webhook/webhook.go

206 lines
7.2 KiB
Raw Normal View History

Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Handle incoming JIRA webhook requests
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRARealm.HasWebhook and set it on webhook creation
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Use github.com/matrix-org/util
7 years ago
Re-format project as a Go module (#310) * Define project as a Go module and update dependency versions Signed-off-by: Nikos Filippakis <me@nfil.dev> * Update docs, configs and dockerfile to use latest Go version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Add postgres database driver Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
[WIP] Switch Gomatrix for Mautrix (#322) * Switch core functionality to Mautrix Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable rssbot Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable giphy service Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable wikipedia, imgur and guggy services Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable Github realm and service, and update go-github version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and add the rest of the services Re-enables the services: alertmanager, google, jira, slackapi, travisci Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Comments
8 years ago
Handle incoming JIRA webhook requests
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Handle incoming JIRA webhook requests
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
[WIP] Switch Gomatrix for Mautrix (#322) * Switch core functionality to Mautrix Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable rssbot Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable giphy service Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable wikipedia, imgur and guggy services Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable Github realm and service, and update go-github version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and add the rest of the services Re-enables the services: alertmanager, google, jira, slackapi, travisci Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Add JIRARealm.HasWebhook and set it on webhook creation
8 years ago
Make golint happy
6 years ago
Add JIRARealm.HasWebhook and set it on webhook creation
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Handle incoming JIRA webhook requests
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Handle incoming JIRA webhook requests
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Handle incoming JIRA webhook requests
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Handle incoming JIRA webhook requests
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
[WIP] Switch Gomatrix for Mautrix (#322) * Switch core functionality to Mautrix Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable rssbot Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable giphy service Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable wikipedia, imgur and guggy services Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable Github realm and service, and update go-github version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and add the rest of the services Re-enables the services: alertmanager, google, jira, slackapi, travisci Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Return a specific not found error message when the user hasn't authed with JIRA
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Add JIRARealm.HasWebhook and set it on webhook creation
8 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Comment the return args on getWebhook
7 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
[WIP] Switch Gomatrix for Mautrix (#322) * Switch core functionality to Mautrix Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable rssbot Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable giphy service Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable wikipedia, imgur and guggy services Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and re-enable Github realm and service, and update go-github version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Convert and add the rest of the services Re-enables the services: alertmanager, google, jira, slackapi, travisci Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
Update go-neb to use util.JSONResponse
7 years ago
Implement JIRA webhook creation Also start including unauthorised webhook creation semantics, though not finished yet. Change the config format of `JIRAService` to make more sense and allow multiple realms per room.
8 years ago
  1. package webhook
  3. import (
  4. "encoding/json"
  5. "fmt"
  6. "net/http"
  7. "strings"
  9. gojira "github.com/andygrunwald/go-jira"
  10. "github.com/matrix-org/go-neb/database"
  11. "github.com/matrix-org/go-neb/realms/jira"
  12. "github.com/matrix-org/util"
  13. log "github.com/sirupsen/logrus"
  14. "maunium.net/go/mautrix/id"
  15. )
  17. type jiraWebhook struct {
  18. Name string `json:"name"`
  19. URL string `json:"url"`
  20. Events []string `json:"events"`
  21. Filter string `json:"jqlFilter"`
  22. Exclude bool `json:"excludeIssueDetails"`
  23. // These fields are populated on GET
  24. Enabled bool `json:"enabled"`
  25. }
  27. // Event represents an incoming JIRA webhook event
  28. type Event struct {
  29. WebhookEvent string `json:"webhookEvent"`
  30. Timestamp int64 `json:"timestamp"`
  31. User gojira.User `json:"user"`
  32. Issue gojira.Issue `json:"issue"`
  33. }
  35. // RegisterHook checks to see if this user is allowed to track the given projects and then tracks them.
  36. func RegisterHook(jrealm *jira.Realm, projects []string, userID id.UserID, webhookEndpointURL string) error {
  37. // Tracking means that a webhook may need to be created on the remote JIRA installation.
  38. // We need to make sure that the user has permission to do this. If they don't, it may still be okay if
  39. // there is an existing webhook set up for this installation by someone else, *PROVIDED* that the projects
  40. // they wish to monitor are "public" (accessible by not logged in users).
  41. //
  42. // The methodology for this is as follows:
  43. // - If they don't have a JIRA token for the remote install, fail.
  44. // - Try to GET /webhooks. If this succeeds:
  45. // * The user is an admin (only admins can GET webhooks)
  46. // * If there is a NEB webhook already then return success.
  47. // * Else create the webhook and then return success (if creation fails then fail).
  48. // - Else:
  49. // * The user is NOT an admin.
  50. // * Are ALL the projects in the config public? If yes:
  51. // - Is there an existing config for this remote JIRA installation? If yes:
  52. // * Another user has setup a webhook. We can't check if the webhook is still alive though,
  53. // return success.
  54. // - Else:
  55. // * There is no existing NEB webhook for this JIRA installation. The user cannot create a
  56. // webhook to the JIRA installation, so fail.
  57. // * Else:
  58. // - There are private projects in the config and the user isn't an admin, so fail.
  59. logger := log.WithFields(log.Fields{
  60. "realm_id": jrealm.ID(),
  61. "jira_url": jrealm.JIRAEndpoint,
  62. "user_id": userID,
  63. })
  64. cli, err := jrealm.JIRAClient(userID, false)
  65. if err != nil {
  66. logger.WithError(err).Print("No JIRA client exists")
  67. return err // no OAuth token on this JIRA endpoint
  68. }
  69. wh, forbidden, err := getWebhook(cli, webhookEndpointURL)
  70. if err != nil {
  71. if !forbidden {
  72. logger.WithError(err).Print("Failed to GET webhook")
  73. return err
  74. }
  75. // User is not a JIRA admin (cannot GET webhooks)
  76. // The only way this is going to end well for this request is if all the projects
  77. // are PUBLIC. That is, they can be accessed directly without an access token.
  78. err = checkProjectsArePublic(jrealm, projects, userID)
  79. if err != nil {
  80. logger.WithError(err).Print("Failed to assert that all projects are public")
  81. return err
  82. }
  84. // All projects that wish to be tracked are public, but the user cannot create
  85. // webhooks. The only way this will work is if we already have a webhook for this
  86. // JIRA endpoint.
  87. if !jrealm.HasWebhook {
  88. logger.Print("No webhook exists for this realm.")
  89. return fmt.Errorf("Not authorised to create webhook: not an admin")
  90. }
  91. return nil
  92. }
  94. // The user is probably an admin (can query webhooks endpoint)
  96. if wh != nil {
  97. logger.Print("Webhook already exists")
  98. return nil // we already have a NEB webhook :D
  99. }
  100. return createWebhook(jrealm, webhookEndpointURL, userID)
  101. }
  103. // OnReceiveRequest is called when JIRA hits NEB with an update.
  104. // Returns the project key and webhook event, or an error.
  105. func OnReceiveRequest(req *http.Request) (string, *Event, *util.JSONResponse) {
  106. // extract the JIRA webhook event JSON
  107. defer req.Body.Close()
  108. var whe Event
  109. err := json.NewDecoder(req.Body).Decode(&whe)
  110. if err != nil {
  111. resErr := util.MessageResponse(400, "Failed to parse request JSON")
  112. return "", nil, &resErr
  113. }
  115. if err != nil {
  116. resErr := util.MessageResponse(400, "Failed to parse JIRA URL")
  117. return "", nil, &resErr
  118. }
  119. projKey := strings.Split(whe.Issue.Key, "-")[0]
  120. projKey = strings.ToUpper(projKey)
  121. return projKey, &whe, nil
  122. }
  124. func createWebhook(jrealm *jira.Realm, webhookEndpointURL string, userID id.UserID) error {
  125. cli, err := jrealm.JIRAClient(userID, false)
  126. if err != nil {
  127. return err
  128. }
  130. req, err := cli.NewRequest("POST", "rest/webhooks/1.0/webhook", jiraWebhook{
  131. Name: "Go-NEB",
  132. URL: webhookEndpointURL,
  133. Events: []string{"jira:issue_created", "jira:issue_deleted", "jira:issue_updated"},
  134. Filter: "",
  135. Exclude: false,
  136. })
  137. if err != nil {
  138. return err
  139. }
  140. res, err := cli.Do(req, nil)
  141. if err != nil {
  142. return err
  143. }
  144. if res.StatusCode < 200 || res.StatusCode >= 300 {
  145. return fmt.Errorf("Creating webhook returned HTTP %d", res.StatusCode)
  146. }
  147. log.WithFields(log.Fields{
  148. "status_code": res.StatusCode,
  149. "realm_id": jrealm.ID(),
  150. "jira_url": jrealm.JIRAEndpoint,
  151. }).Print("Created webhook")
  153. // mark this on the realm and persist it.
  154. jrealm.HasWebhook = true
  155. _, err = database.GetServiceDB().StoreAuthRealm(jrealm)
  156. return err
  157. }
  159. // Get an existing JIRA webhook. Returns the hook if it exists, or an error along with a bool
  160. // which indicates if the request to retrieve the hook is not 2xx. If it is not 2xx, it is
  161. // forbidden (different JIRA deployments return different codes ranging from 401/403/404/500).
  162. func getWebhook(cli *gojira.Client, webhookEndpointURL string) (*jiraWebhook, bool, error) {
  163. req, err := cli.NewRequest("GET", "rest/webhooks/1.0/webhook", nil)
  164. if err != nil {
  165. return nil, false, fmt.Errorf("Failed to prepare webhook request")
  166. }
  167. var webhookList []jiraWebhook
  168. res, err := cli.Do(req, &webhookList)
  169. if err != nil {
  170. return nil, false, fmt.Errorf("Failed to query webhooks")
  171. }
  172. if res.StatusCode < 200 || res.StatusCode >= 300 {
  173. return nil, true, fmt.Errorf("Querying webhook returned HTTP %d", res.StatusCode)
  174. }
  175. log.Print("Retrieved ", len(webhookList), " webhooks")
  176. var nebWH *jiraWebhook
  177. for _, wh := range webhookList {
  178. if wh.URL == webhookEndpointURL {
  179. nebWH = &wh
  180. break
  181. }
  182. }
  183. return nebWH, false, nil
  184. }
  186. func checkProjectsArePublic(jrealm *jira.Realm, projects []string, userID id.UserID) error {
  187. publicCli, err := jrealm.JIRAClient("", true)
  188. if err != nil {
  189. return fmt.Errorf("Cannot create public JIRA client")
  190. }
  191. for _, projectKey := range projects {
  192. // check you can query this project with a public client
  193. req, err := publicCli.NewRequest("GET", "rest/api/2/project/"+projectKey, nil)
  194. if err != nil {
  195. return fmt.Errorf("Failed to create project URL for project %s", projectKey)
  196. }
  197. res, err := publicCli.Do(req, nil)
  198. if err != nil {
  199. return fmt.Errorf("Failed to query project %s", projectKey)
  200. }
  201. if res.StatusCode < 200 || res.StatusCode >= 300 {
  202. return fmt.Errorf("Project %s is not public. (HTTP %d)", projectKey, res.StatusCode)
  203. }
  204. }
  205. return nil
  206. }