Sākums Izpētīt Palīdzība
Pierakstīties
RISCI_ATOM
/
pagure
spogulis no https://pagure.io/pagure.git
1
0
Atdalīts 0
Faili Problēmas 3 Vikivietne
Atzars: gpg_check
Atzari Tagi
pagure
/
doc
/
usage
/
using_webhooks.rst

using_webhooks.rst 2.0 KB
Patstāvīgā saite Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. Using web-hooks
    2. 

  2. ===============
    3. 

  3. 

  4. Web-hooks are a notification system that could be compared to a callback.
    5. 

  5. Basically, pagure will make a HTTP POST request to one or more third party
    6. 

  6. server/application with information about what is or just happened.
    7. 

  7. 

  8. To set-up a web-hook, simply go to the settings page of your project and
    9. 

  9. enter the URL to the server/endpoint that will receive the notifications.
    10. 

  10. 

  11. There is, in the settings page, a web-hook key which is used by the
    12. 

  12. server (here pagure) to sign the message sent and which you can use to
    13. 

  13. ensure the notifications received are coming from the right source.
    14. 

  14. 

  15. Each POST request made contains two specific headers:
    16. 

  16. 

  17. ::
    18. 

  18. 

  19.     X-Pagure-Topic
    20. 

  20.     X-Pagure-Signature
    21. 

  21. 

  22. 

  23. ``X-Pagure-Topic`` is a global header giving a clue about the type of action
    24. 

  24. that just occured. For example ``issue.edit``.
    25. 

  25. 

  26. 

  27. ``X-Pagure-Signature`` contains the signature of the message allowing to
    28. 

  28. check that the message comes from pagure.
    29. 

  29. 

  30. .. warning:: These headers are present for convenience only, they are not
    31. 

  31.         signed and therefore should not be trusted. Rely on the payload
    32. 

  32.         after checking the signature to make any decision.
    33. 

  33. 

  34. Pagure relies on ``hmac`` to sign the content of its messages. If you want
    35. 

  35. to validate the message, in python, you can do something like the following:
    36. 

  36. 

  37. ::
    38. 

  38. 

  39.     import hmac
    40. 

  40.     import hashlib
    41. 

  41. 

  42.     payload =  # content you received in the POST request
    43. 

  43.     headers =  # headers of the POST request
    44. 

  44.     project_web_hook_key =  # private web-hook key of the project
    45. 

  45. 

  46.     hashhex = hmac.new(
    47. 

  47.         str(project_web_hook_key), payload, hashlib.sha1).hexdigest()
    48. 

  48. 

  49.     if hashhex != headers.get('X-Pagure-Signature'):
    50. 

  50.         raise Exception('Message received with an invalid signature')
    51. 

  51. 

  52. 

  53. The notifications sent via web-hooks have the same payload as what is sent
    54. 

  54. via `fedmsg <http://www.fedmsg.com/en/latest/>`_. Therefore, the list of
    55. 

  55. pagure topics as well as example messages can be found in the
    56. 

  56. `fedmsg documentation about pagure
    57. 

  57. <https://fedora-fedmsg.readthedocs.org/en/latest/topics.html#id532>`_
    58.