Merge pull request #10 from suhay/8-github-injection

Separating auth so we can call it using sandwich shop

Author: suhay

src/app.py

@@ -1,47 +1,34 @@
+from auth import auth
+from parse import parse
 from quart import Quart, request
 
-from dotenv import load_dotenv
-load_dotenv()
-
-from release import processRelease
-from multiprocessing import Process
-
-import os
-import hashlib
-import hmac
-
-
-token = os.environ.get("API_TOKEN")
-tokenb = bytes(token, 'utf-8')
 
 app = Quart(__name__)
 
-@app.route('/webhooks/<repo>', methods=['GET','POST'])
+
+@app.route('/webhooks/<repo>', methods=['GET', 'POST'])
 async def webhooks(repo):
     if request.is_json:
-      data = await request.data
-      signature = hmac.new(tokenb, data, hashlib.sha1).hexdigest()
-
-      if 'X-Hub-Signature' in request.headers.keys() and hmac.compare_digest(signature, request.headers['X-Hub-Signature'].split('=')[1]):
-        payload = await request.get_json()
-
-        if payload['repository']['name'] == repo and 'action' in payload.keys():
-          if payload['action'] == 'released' and 'release' in payload.keys():
-            p = Process(target=processRelease, args=(repo,payload))
-            print(p.pid)
-            p.start()
-
-        return 'Thanks!', 202
-
-      else:
-        return 'Signature is wrong...', 401
+        if 'X-Hub-Signature-256' in request.headers.keys():
+            data = await request.data
+            header = request.headers['X-Hub-Signature-256'].split('=')[1]
+            if auth(header, data):
+                payload = await request.get_json()
+                parse(repo, payload)
+                return 'Thanks!', 202
+            else:
+                return 'Signature is wrong...', 401
+        else:
+            return 'Signature is wrong...', 401
 
     else:
-      return 'Not sure what this is...', 418
+        return 'Not sure what this is...', 418
+
 
 @app.errorhandler(404)
 def page_not_found(e):
     return "?", 404
 
+
 if __name__ == "__main__":
-    app.run()
+    app.run()

src/auth.py

@@ -0,0 +1,15 @@
+import hmac
+import hashlib
+import os
+from dotenv import load_dotenv
+load_dotenv()
+
+token = os.environ.get("API_TOKEN")
+tokenb = bytes(token, 'utf-8')
+
+
+async def auth(header, data):
+    signature = 'sha256=' + hmac.new(tokenb, data, hashlib.sha256).hexdigest()
+    if hmac.compare_digest(signature, header):
+        return True
+    return False

src/parse.py

@@ -0,0 +1,11 @@
+from multiprocessing import Process
+from release import processRelease
+
+
+async def parse(repo, payload):
+    if payload['repository']['name'] == repo and 'action' in payload.keys():
+        if payload['action'] == 'released' and 'release' in payload.keys():
+            p = Process(target=processRelease,
+                        args=(repo, payload))
+            print(p.pid)
+            p.start()

src/release.py

@@ -1,67 +1,63 @@
 import json
 import subprocess
-import os.path
 
 from os import path
 from pathlib import Path
 from pybars import Compiler
 
 compiler = Compiler()
 
+
 def processRelease(repo, payload):
     base_path = Path(__file__).parent
     file_name = repo + '.json'
     file_path = (base_path / '..' / 'sites' / file_name).resolve()
 
     with open(file_path) as f:
-      data = json.load(f)
+        data = json.load(f)
 
     if 'release' in data.keys() and 'path' in data.keys():
-      commands = []
-      
-      cwd = data['cwd']
-
-      if path.exists(base_path / '..' / '.nvmrc'):
-        commands.append('. ' + cwd + '/.nvm/nvm.sh')
-        commands.append('nvm use')
-      elif 'node' in data.keys():
-        commands.append('. ' + cwd + '/.nvm/nvm.sh')
-        commands.append('nvm use ' + data['node'])
-
-      if 'build' in data['release'].keys():
-        source = data['release']['build']
-        template = compiler.compile(source)
-        commands.append(template(payload))
-
-      if 'deploy' in data['release'].keys():
-        source = data['release']['deploy']
-        template = compiler.compile(source)
-        commands.append(template(payload))
-
-      if 'cleanup' in data['release'].keys():
-        source = data['release']['cleanup']
-        template = compiler.compile(source)
-        commands.append(template(payload))
-
-      subprocess.check_call(['git', 'fetch', '--all', '--tags'], cwd=data['path'])
-      subprocess.check_call(['git', 'checkout', 'tags/' + payload['release']['tag_name']], cwd=data['path'])
-
-      with subprocess.Popen(' && '.join(commands), cwd=data['path'], executable='/bin/bash', shell=True, stdout=subprocess.PIPE) as process:
-        try:
-          process.communicate(timeout=300)
-          while True:
-            line = process.stdout.readline()
-            if line == '' and process.poll() is not None:
-              break
-            if line:
-              print(line.rstrip())
-        except subprocess.TimeoutExpired:
-          print('Process was killed by timeout: 300 seconds')
-          raise
-        finally:
-          print('Process complete')
-          process.kill()
-          process.communicate()
-          print('Release complete!')
+        commands = []
+
+        cwd = data['cwd']
+
+        if path.exists(base_path / '..' / '.nvmrc'):
+            commands.append('. ' + cwd + '/.nvm/nvm.sh')
+            commands.append('nvm use')
+        elif 'node' in data.keys():
+            commands.append('. ' + cwd + '/.nvm/nvm.sh')
+            commands.append('nvm use ' + data['node'])
+
+        if 'build' in data['release'].keys():
+            source = data['release']['build']
+            template = compiler.compile(source)
+            commands.append(template(payload))
+
+        if 'deploy' in data['release'].keys():
+            source = data['release']['deploy']
+            template = compiler.compile(source)
+            commands.append(template(payload))
+
+        if 'cleanup' in data['release'].keys():
+            source = data['release']['cleanup']
+            template = compiler.compile(source)
+            commands.append(template(payload))
+
+        subprocess.check_call(
+            ['git', 'fetch', '--all', '--tags'], cwd=data['path'])
+        subprocess.check_call(
+            ['git', 'checkout', 'tags/' + payload['release']['tag_name']], cwd=data['path'])
+
+        with subprocess.Popen(' && '.join(commands), cwd=data['path'], executable='/bin/bash', shell=True) as process:
+            try:
+                process.communicate(timeout=300)
+            except subprocess.TimeoutExpired:
+                print('Process was killed by timeout: 300 seconds')
+                raise
+            finally:
+                print('Process complete')
+                process.kill()
+                process.communicate()
+                print('Release complete!')
 
     return

src/test.py

@@ -2,11 +2,10 @@
 
 compiler = Compiler()
 
-
 source = r'tar xzf /project/repo/{{release.sha}}.tar.gz'
 template = compiler.compile(source)
 print(template({
-  'release': {
-    'sha': '302f2b072d46b2f48706eb156f162d901be2c088'
-  }
+    'release': {
+      'sha': '302f2b072d46b2f48706eb156f162d901be2c088'
+      }
 }))