From a76e37dacb9d4e66ef9bd3896d77ed3db6bf882b Mon Sep 17 00:00:00 2001 From: Michelangelo Date: Thu, 21 May 2020 14:44:30 +0200 Subject: [PATCH 1/5] add support for signature header --- go.mod | 2 ++ main.go | 6 ++++++ plugin.go | 14 ++++++++++++++ 3 files changed, 22 insertions(+) diff --git a/go.mod b/go.mod index d3e57ca..edbd7e7 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,7 @@ module github.com/drone-plugins/drone-webhook +go 1.14 + require ( bou.ke/monkey v1.0.1 // indirect github.com/aymerick/raymond v2.0.2+incompatible // indirect diff --git a/main.go b/main.go index 4133cf6..2980c0d 100644 --- a/main.go +++ b/main.go @@ -70,6 +70,11 @@ func main() { Usage: "skip ssl verification", EnvVar: "PLUGIN_SKIP_VERIFY", }, + cli.StringFlag{ + Name: "secret", + Usage: "secret to generate signature", + EnvVar: "PLUGIN_SECRET,WEBHOOK_SECRET", + }, cli.StringFlag{ Name: "repo.owner", Usage: "repository owner", @@ -196,6 +201,7 @@ func run(c *cli.Context) error { ValidCodes: c.IntSlice("valid-response-codes"), Debug: c.Bool("debug"), SkipVerify: c.Bool("skip-verify"), + Secret: c.String("secret"), }, } diff --git a/plugin.go b/plugin.go index 031d260..1e9fbbb 100644 --- a/plugin.go +++ b/plugin.go @@ -2,7 +2,10 @@ package main import ( "bytes" + "crypto/hmac" + "crypto/sha256" "crypto/tls" + "encoding/hex" "encoding/json" "fmt" "io/ioutil" @@ -47,6 +50,7 @@ type ( ValidCodes []int Debug bool SkipVerify bool + Secret string } Job struct { @@ -117,6 +121,16 @@ func (p Plugin) Exec() error { req.Header.Set("Content-Type", p.Config.ContentType) + if p.Config.Secret != "" { + // generate signature with secret and body + h := hmac.New(sha256.New, []byte(p.Config.Secret)) + h.Write(b) + sha := hex.EncodeToString(h.Sum(nil)) + + // append signature to headers + req.Header.Set("X-Drone-Signature", sha) + } + for _, value := range p.Config.Headers { header := strings.Split(value, "=") req.Header.Set(header[0], header[1]) 
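Review bot: In the `plugin.go` hunk at `@@ -117,6 +121,16 @@`, the signature header is set before the `for _, value := range p.Config.Headers` loop, which calls `req.Header.Set(header[0], header[1])`, so a configured header with the same name silently replaces the computed signature. Moving the signing block below that loop keeps the computed value authoritative; the same ordering is carried into the later `@@ -121,14 +122,14 @@` hunk of PATCH 4/5. The MAC covers only the body `b`, so a receiver cannot tell a fresh delivery from a replayed one; signing a timestamp together with the body and sending it in its own header would let the receiver bound freshness. The comment would say more as `// HMAC-SHA256 over the exact request body, hex-encoded; receivers recompute over the raw bytes and compare in constant time`. `Exec` starts and ends outside the hunk.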
From 7f2efea728314233f33da7a346964ac078c0d40b Mon Sep 17 00:00:00 2001 From: Michelangelo Date: Thu, 21 May 2020 14:57:58 +0200 Subject: [PATCH 2/5] remove go version --- go.mod | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.mod b/go.mod index edbd7e7..d3e57ca 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,5 @@ module github.com/drone-plugins/drone-webhook -go 1.14 - require ( bou.ke/monkey v1.0.1 // indirect github.com/aymerick/raymond v2.0.2+incompatible // indirect From 770ffb857edc9f89f905e2b29641dedb741d4b5f Mon Sep 17 00:00:00 2001 From: Michelangelo Morrillo Date: Thu, 21 May 2020 15:34:57 +0200 Subject: [PATCH 3/5] Include signature algorithm in header field Co-authored-by: Lauris BH --- plugin.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.go b/plugin.go index 1e9fbbb..528775d 100644 --- a/plugin.go +++ b/plugin.go @@ -128,7 +128,7 @@ func (p Plugin) Exec() error { sha := hex.EncodeToString(h.Sum(nil)) // append signature to headers - req.Header.Set("X-Drone-Signature", sha) + req.Header.Set("X-Drone-Signature", fmt.Sprintf("sha256=%s", sha)) } for _, value := range p.Config.Headers { From 32f681e17504a30be36426b258b34d2449f68041 Mon Sep 17 00:00:00 2001 From: Michelangelo Date: Wed, 24 Jun 2020 09:56:28 +0200 Subject: [PATCH 4/5] Customizable signature header name, rename `secret` to `signature_secret` --- main.go | 33 ++++++++++++++++++++------------- plugin.go | 29 +++++++++++++++-------------- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/main.go b/main.go index 2980c0d..9fae1cc 100644 --- a/main.go +++ b/main.go 
@@ -71,9 +71,15 @@ func main() { EnvVar: "PLUGIN_SKIP_VERIFY", }, cli.StringFlag{ - Name: "secret", + Name: "signature_header", + Usage: "header name to use in request", + EnvVar: "PLUGIN_SIGNATURE_HEADER,WEBHOOK_SIGNATURE_HEADER", + Value: "X-Drone-Signature", + }, + cli.StringFlag{ + Name: "signature_secret", Usage: "secret to generate signature", - EnvVar: "PLUGIN_SECRET,WEBHOOK_SECRET", + EnvVar: "PLUGIN_SIGNATURE_SECRET,WEBHOOK_SIGNATURE_SECRET", }, cli.StringFlag{ Name: "repo.owner", @@ -191,17 +197,18 @@ func run(c *cli.Context) error { Started: c.Int64("job.started"), }, Config: Config{ - Method: c.String("method"), - Username: c.String("username"), - Password: c.String("password"), - ContentType: c.String("content-type"), - Template: c.String("template"), - Headers: c.StringSlice("headers"), - URLs: c.StringSlice("urls"), - ValidCodes: c.IntSlice("valid-response-codes"), - Debug: c.Bool("debug"), - SkipVerify: c.Bool("skip-verify"), - Secret: c.String("secret"), + Method: c.String("method"), + Username: c.String("username"), + Password: c.String("password"), + ContentType: c.String("content-type"), + Template: c.String("template"), + Headers: c.StringSlice("headers"), + URLs: c.StringSlice("urls"), + ValidCodes: c.IntSlice("valid-response-codes"), + Debug: c.Bool("debug"), + SkipVerify: c.Bool("skip-verify"), + SignatureHeader: c.String("signature_header"), + SignatureSecret: c.String("signature_secret"), }, } diff --git a/plugin.go b/plugin.go index 528775d..0746429 100644 --- a/plugin.go +++ b/plugin.go 
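Review bot: The `Usage` strings in the `main.go` hunk at `@@ -71,9 +71,15 @@` do not tell an operator what the two settings do: `"header name to use in request"` never mentions the signature, and `"secret to generate signature"` names neither the algorithm nor what happens when it is unset. I would write `Usage: "name of the header that carries the HMAC-SHA256 signature of the request body"` and `Usage: "secret used to sign the request body; requests are sent unsigned when empty"`. The second matters because the signing block in `plugin.go` is skipped on an empty secret. If any pipeline already sets `PLUGIN_SECRET` or `WEBHOOK_SECRET`, the rename would therefore drop the signature without an error. The body of `main` continues outside the hunk.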
@@ -40,17 +40,18 @@ type ( } Config struct { - Method string - Username string - Password string - ContentType string - Template string - Headers []string - URLs []string - ValidCodes []int - Debug bool - SkipVerify bool - Secret string + Method string + Username string + Password string + ContentType string + Template string + Headers []string + URLs []string + ValidCodes []int + Debug bool + SkipVerify bool + SignatureHeader string + SignatureSecret string } Job struct { @@ -121,14 +122,14 @@ func (p Plugin) Exec() error { req.Header.Set("Content-Type", p.Config.ContentType) - if p.Config.Secret != "" { + if p.Config.SignatureSecret != "" { // generate signature with secret and body - h := hmac.New(sha256.New, []byte(p.Config.Secret)) + h := hmac.New(sha256.New, []byte(p.Config.SignatureSecret)) h.Write(b) sha := hex.EncodeToString(h.Sum(nil)) // append signature to headers - req.Header.Set("X-Drone-Signature", fmt.Sprintf("sha256=%s", sha)) + req.Header.Set(p.Config.SignatureHeader, fmt.Sprintf("sha256=%s", sha)) } for _, value := range p.Config.Headers { From bff3a91abd42e89070eadf47a15cdbbeafd8baa3 Mon Sep 17 00:00:00 2001 From: Michelangelo Date: Sun, 28 Jun 2020 18:00:01 +0200 Subject: [PATCH 5/5] Use dash instead of underscore --- main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index 9fae1cc..b27e9b3 100644 --- a/main.go +++ b/main.go @@ -71,13 +71,13 @@ func main() { EnvVar: "PLUGIN_SKIP_VERIFY", }, cli.StringFlag{ - Name: "signature_header", + Name: "signature-header", Usage: "header name to use in request", EnvVar: "PLUGIN_SIGNATURE_HEADER,WEBHOOK_SIGNATURE_HEADER", Value: "X-Drone-Signature", }, cli.StringFlag{ - Name: "signature_secret", + Name: "signature-secret", Usage: "secret to generate signature", EnvVar: "PLUGIN_SIGNATURE_SECRET,WEBHOOK_SIGNATURE_SECRET", },
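Review bot: `p.Config.SignatureHeader` is passed to `req.Header.Set` unchecked in the `plugin.go` hunk at `@@ -121,14 +122,14 @@`. Its default exists only on the CLI flag in `main.go`, so a `Plugin` constructed any other way, or an empty override, would sign under an empty header name. A guard at the top of the block, `if p.Config.SignatureHeader == "" { return fmt.Errorf("signature header name is empty") }`, makes a configured secret either produce a usable signature or fail loudly. The name can now also equal `Content-Type`, which is set on the line just above and would be replaced; rejecting that value in the same guard avoids a confusing request. `Exec` starts and ends outside the hunk.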