feat: [AH-1067]: use internal webhook secret (#3539)

* feat: [AH-1067]: change var name
* feat: [AH-1067]: change var name
* feat: [AH-1067]: fix lint issues
* feat: [AH-1067]: use internal webhook secret
try-new-ui
Tudor Macari 2025-03-12 21:00:50 +00:00 committed by Harness
parent 1e8ae8b47f
commit a0461fd870
4 changed files with 10 additions and 5 deletions


@ -51,9 +51,7 @@ type Config struct {
MaxRetries int MaxRetries int
AllowPrivateNetwork bool AllowPrivateNetwork bool
AllowLoopback bool AllowLoopback bool
InternalSecret string
// InternalWebhooksURL specifies the internal webhook URL which will be used if webhook is marked internal
InternalWebhooksURL string
} }
func (c *Config) Prepare() error { func (c *Config) Prepare() error {
@ -81,6 +79,7 @@ func (c *Config) Prepare() error {
return nil return nil
} }
//nolint:revive
type WebhookExecutorStore interface { type WebhookExecutorStore interface {
Find(ctx context.Context, id int64) (*types.WebhookExecutionCore, error) Find(ctx context.Context, id int64) (*types.WebhookExecutionCore, error)
ListWebhooks( ListWebhooks(
@ -106,6 +105,7 @@ type WebhookExecutorStore interface {
CreateWebhookExecution(ctx context.Context, hook *types.WebhookExecutionCore) error CreateWebhookExecution(ctx context.Context, hook *types.WebhookExecutionCore) error
} }
//nolint:revive
type WebhookExecutor struct { type WebhookExecutor struct {
secureHTTPClient *http.Client secureHTTPClient *http.Client
insecureHTTPClient *http.Client insecureHTTPClient *http.Client


@ -365,7 +365,10 @@ func (w *WebhookExecutor) prepareHTTPRequest(
} }
var secretValue string var secretValue string
if webhook.Secret != "" { //nolint:gocritic
if webhook.Type == enum.WebhookTypeInternal {
secretValue = w.config.InternalSecret
} else if webhook.Secret != "" {
decryptedSecret, err := w.encrypter.Decrypt([]byte(webhook.Secret)) decryptedSecret, err := w.encrypter.Decrypt([]byte(webhook.Secret))
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to decrypt webhook secret: %w", err) return nil, fmt.Errorf("failed to decrypt webhook secret: %w", err)
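Review bot: An internal webhook now takes its secret from `w.config.InternalSecret` with no check that the value is set, and the `GITNESS_WEBHOOK_INTERNAL_SECRET` field added elsewhere in this commit has no default, so an unset variable yields an empty `secretValue` for every internal webhook. What the rest of prepareHTTPRequest does with an empty secret is outside the hunk, but if it skips signing (as the `webhook.Secret != ""` guard on the other branch suggests), internal deliveries would go out unauthenticated without any error. I would fail closed in the internal branch, e.g. `if w.config.InternalSecret == "" { return nil, fmt.Errorf("internal webhook secret is not configured") }`, or reject the empty value once in `Config.Prepare()`. The branch also ignores any per-webhook `Secret` stored on an internal webhook, which deserves a one-line comment saying that this is intended.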


@ -331,6 +331,7 @@ func ProvideWebhookConfig(config *types.Config) webhook.Config {
MaxRetries: config.Webhook.MaxRetries, MaxRetries: config.Webhook.MaxRetries,
AllowPrivateNetwork: config.Webhook.AllowPrivateNetwork, AllowPrivateNetwork: config.Webhook.AllowPrivateNetwork,
AllowLoopback: config.Webhook.AllowLoopback, AllowLoopback: config.Webhook.AllowLoopback,
InternalSecret: config.Webhook.InternalSecret,
} }
} }


@ -340,6 +340,7 @@ type Config struct {
AllowLoopback bool `envconfig:"GITNESS_WEBHOOK_ALLOW_LOOPBACK" default:"false"` AllowLoopback bool `envconfig:"GITNESS_WEBHOOK_ALLOW_LOOPBACK" default:"false"`
// RetentionTime is the duration after which webhook executions will be purged from the DB. // RetentionTime is the duration after which webhook executions will be purged from the DB.
RetentionTime time.Duration `envconfig:"GITNESS_WEBHOOK_RETENTION_TIME" default:"168h"` // 7 days RetentionTime time.Duration `envconfig:"GITNESS_WEBHOOK_RETENTION_TIME" default:"168h"` // 7 days
InternalSecret string `envconfig:"GITNESS_WEBHOOK_INTERNAL_SECRET"`
} }
Trigger struct { Trigger struct {
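Review bot: `InternalSecret` is added without a doc comment, although the neighbouring `RetentionTime` field has one, and its tag carries no `default`, so the field is empty whenever `GITNESS_WEBHOOK_INTERNAL_SECRET` is unset. A comment such as `// InternalSecret is the secret used for webhooks of type internal; it is empty unless GITNESS_WEBHOOK_INTERNAL_SECRET is set.` would tell operators that the variable is needed for internal webhooks. Because the value is a credential, it is worth confirming that this config struct is never logged or dumped in full; the enclosing struct starts outside the hunk, so nothing visible here settles that.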