diff --git a/app/services/webhook/service.go b/app/services/webhook/service.go index c5fae3c71..ea637fc70 100644 --- a/app/services/webhook/service.go +++ b/app/services/webhook/service.go @@ -51,9 +51,7 @@ type Config struct { MaxRetries int AllowPrivateNetwork bool AllowLoopback bool - - // InternalWebhooksURL specifies the internal webhook URL which will be used if webhook is marked internal - InternalWebhooksURL string + InternalSecret string } func (c *Config) Prepare() error { @@ -81,6 +79,7 @@ func (c *Config) Prepare() error { return nil } +//nolint:revive type WebhookExecutorStore interface { Find(ctx context.Context, id int64) (*types.WebhookExecutionCore, error) ListWebhooks( @@ -106,6 +105,7 @@ type WebhookExecutorStore interface { CreateWebhookExecution(ctx context.Context, hook *types.WebhookExecutionCore) error } +//nolint:revive type WebhookExecutor struct { secureHTTPClient *http.Client insecureHTTPClient *http.Client diff --git a/app/services/webhook/trigger.go b/app/services/webhook/trigger.go index 3e6f28c07..e75c9a563 100644 --- a/app/services/webhook/trigger.go +++ b/app/services/webhook/trigger.go @@ -365,7 +365,10 @@ func (w *WebhookExecutor) prepareHTTPRequest( } var secretValue string - if webhook.Secret != "" { + //nolint:gocritic + if webhook.Type == enum.WebhookTypeInternal { + secretValue = w.config.InternalSecret + } else if webhook.Secret != "" { decryptedSecret, err := w.encrypter.Decrypt([]byte(webhook.Secret)) if err != nil { return nil, fmt.Errorf("failed to decrypt webhook secret: %w", err) diff --git a/cli/operations/server/config.go b/cli/operations/server/config.go index 22eecdb53..d113aa511 100644 --- a/cli/operations/server/config.go +++ b/cli/operations/server/config.go @@ -331,6 +331,7 @@ func ProvideWebhookConfig(config *types.Config) webhook.Config { MaxRetries: config.Webhook.MaxRetries, AllowPrivateNetwork: config.Webhook.AllowPrivateNetwork, AllowLoopback: config.Webhook.AllowLoopback, + InternalSecret: config.Webhook.InternalSecret, } } diff --git a/types/config.go b/types/config.go index 991da0a39..0a27283f0 100644 --- a/types/config.go +++ b/types/config.go @@ -339,7 +339,8 @@ type Config struct { AllowPrivateNetwork bool `envconfig:"GITNESS_WEBHOOK_ALLOW_PRIVATE_NETWORK" default:"false"` AllowLoopback bool `envconfig:"GITNESS_WEBHOOK_ALLOW_LOOPBACK" default:"false"` // RetentionTime is the duration after which webhook executions will be purged from the DB. - RetentionTime time.Duration `envconfig:"GITNESS_WEBHOOK_RETENTION_TIME" default:"168h"` // 7 days + RetentionTime time.Duration `envconfig:"GITNESS_WEBHOOK_RETENTION_TIME" default:"168h"` // 7 days + InternalSecret string `envconfig:"GITNESS_WEBHOOK_INTERNAL_SECRET"` } Trigger struct {