mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-05-20 09:18:15 +00:00
59ba8538a1
* Add configuration extension flags to server Add httpsignatures dependency Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add http fetching to config fetcher Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Refetch config on rebuild Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * - Ensure multipipeline compatiblity - Send original config in http request Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Basic tests of config api Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Simple docs page Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Better flag naming Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Rename usages of the term yaml Rename ConfigAPI struct Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Doc adjustments Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * More docs touchups Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix env vars in docs Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * fix json tags for api calls Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add example config service Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Consistent naming for configService Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Docs: Change example repository location Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix tests after response field rename Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Revert accidential unrelated change in api hook Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Update server flag descriptions Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: Anbraten <anton@ju60.de>
80 lines
1.8 KiB
Go
80 lines
1.8 KiB
Go
package httpsignatures
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// Signer is used to create a signature for a given request.
|
|
type Signer struct {
|
|
algorithm *Algorithm
|
|
headers HeaderList
|
|
}
|
|
|
|
var (
|
|
// DefaultSha1Signer will sign requests with the url and date using the SHA1 algorithm.
|
|
// Users are encouraged to create their own signer with the headers they require.
|
|
DefaultSha1Signer = NewSigner(AlgorithmHmacSha1, RequestTarget, "date")
|
|
|
|
// DefaultSha256Signer will sign requests with the url and date using the SHA256 algorithm.
|
|
// Users are encouraged to create their own signer with the headers they require.
|
|
DefaultSha256Signer = NewSigner(AlgorithmHmacSha256, RequestTarget, "date")
|
|
)
|
|
|
|
func NewSigner(algorithm *Algorithm, headers ...string) *Signer {
|
|
hl := HeaderList{}
|
|
|
|
for _, header := range headers {
|
|
hl = append(hl, strings.ToLower(header))
|
|
}
|
|
|
|
return &Signer{
|
|
algorithm: algorithm,
|
|
headers: hl,
|
|
}
|
|
}
|
|
|
|
// SignRequest adds a http signature to the Signature: HTTP Header
|
|
func (s Signer) SignRequest(id, key string, r *http.Request) error {
|
|
sig, err := s.buildSignature(id, key, r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
r.Header.Add(headerSignature, sig.String())
|
|
|
|
return nil
|
|
}
|
|
|
|
// AuthRequest adds a http signature to the Authorization: HTTP Header
|
|
func (s Signer) AuthRequest(id, key string, r *http.Request) error {
|
|
sig, err := s.buildSignature(id, key, r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
r.Header.Add(headerAuthorization, authScheme+sig.String())
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s Signer) buildSignature(id, key string, r *http.Request) (*Signature, error) {
|
|
if r.Header.Get("date") == "" {
|
|
r.Header.Set("date", time.Now().Format(time.RFC1123))
|
|
}
|
|
|
|
sig := &Signature{
|
|
KeyID: id,
|
|
Algorithm: s.algorithm,
|
|
Headers: s.headers,
|
|
}
|
|
|
|
err := sig.sign(key, r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return sig, nil
|
|
}
|