Acasă Explorează Ajutor
Autentificare
RISCI_ATOM
/
pagure
oglindă de https://pagure.io/pagure.git
1
0
Bifurcare 0
Fisiere Probleme 3 Wiki
Ramură: 2.9.x
Ramuri Etichete
pagure
/
doc
/
usage
/
using_webhooks.rst

using_webhooks.rst 2.6 KB
Permalink Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. Using web-hooks
    2. 

  2. ===============
    3. 

  3. 

  4. Web-hooks are a notification system that could be compared to a callback.
    5. 

  5. Basically, pagure will make a HTTP POST request to one or more third party
    6. 

  6. server/application with information about what is or just happened.
    7. 

  7. 

  8. To set-up a web-hook, simply go to the settings page of your project and
    9. 

  9. enter the URL to the server/endpoint that will receive the notifications.
    10. 

  10. 

  11. There is, in the settings page, a web-hook key which is used by the
    12. 

  12. server (here pagure) to sign the message sent and which you can use to
    13. 

  13. ensure the notifications received are coming from the right source.
    14. 

  14. 

  15. Each POST request made contains some specific headers:
    16. 

  16. 

  17. ::
    18. 

  18. 

  19.     X-Pagure
    20. 

  20.     X-Pagure-Project
    21. 

  21.     X-Pagure-Signature
    22. 

  22.     X-Pagure-Signature-256
    23. 

  23.     X-Pagure-Topic
    24. 

  24. 

  25. ``X-Pagure`` contains URL of the pagure instance sending this notification.
    26. 

  26. 

  27. ``X-Pagure-Project`` contains the name of the project on that pagure instance.
    28. 

  28. 

  29. ``X-Pagure-Signature`` contains the signature of the message allowing to
    30. 

  30. check that the message comes from pagure.
    31. 

  31. 

  32. ``X-Pagure-Signature-256`` contains the SHA-256 signature of the message
    33. 

  33. allowing to check that the message comes from pagure.
    34. 

  34. 

  35. .. note:: These headers are present to allow you to verify that the webhook
    36. 

  36.         was actually sent by the correct Pagure instance. These are not
    37. 

  37.         included in the signed data.
    38. 

  38. 

  39. ``X-Pagure-Topic`` is a global header giving a clue about the type of action
    40. 

  40. that just occurred. For example ``issue.edit``.
    41. 

  41. 

  42. .. warning:: The headers ``X-Pagure``, ``X-Pagure-Project`` and ``X-Pagure-Topic``
    43. 

  43.         are present for convenience only, they are not signed and therefore
    44. 

  44.         should not be trusted. Rely on the payload after checking the
    45. 

  45.         signature to make any decision.
    46. 

  46. 

  47. Pagure relies on ``hmac`` to sign the content of its messages. If you want
    48. 

  48. to validate the message, in python, you can do something like the following:
    49. 

  49. 

  50. ::
    51. 

  51. 

  52.     import hmac
    53. 

  53.     import hashlib
    54. 

  54. 

  55.     payload =  # content you received in the POST request
    56. 

  56.     headers =  # headers of the POST request
    57. 

  57.     project_web_hook_key =  # private web-hook key of the project
    58. 

  58. 

  59.     hashhex = hmac.new(
    60. 

  60.         str(project_web_hook_key), payload, hashlib.sha1).hexdigest()
    61. 

  61. 

  62.     if hashhex != headers.get('X-Pagure-Signature'):
    63. 

  63.         raise Exception('Message received with an invalid signature')
    64. 

  64. 

  65. 

  66. The notifications sent via web-hooks have the same payload as what is sent
    67. 

  67. via `fedmsg <http://www.fedmsg.com/en/latest/>`_. Therefore, the list of
    68. 

  68. pagure topics as well as example messages can be found in the
    69. 

  69. `fedmsg documentation about pagure
    70. 

  70. <https://fedora-fedmsg.readthedocs.org/en/latest/topics.html#id532>`_
    71.