mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-01 05:36:19 +01:00
Webhook support custom proxy (#8760)
* Webhook support custom proxy * Add glob support on webhook proxy host rules * fix app.ini.sample * improve code and app.ini.sample * update cheetsheet about added webhook options
This commit is contained in:
parent
016a5d0438
commit
55bdc9aa38
6 changed files with 101 additions and 3 deletions
|
@ -511,6 +511,10 @@ DELIVER_TIMEOUT = 5
|
||||||
SKIP_TLS_VERIFY = false
|
SKIP_TLS_VERIFY = false
|
||||||
; Number of history information in each page
|
; Number of history information in each page
|
||||||
PAGING_NUM = 10
|
PAGING_NUM = 10
|
||||||
|
; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
|
||||||
|
PROXY_URL =
|
||||||
|
; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
|
||||||
|
PROXY_HOSTS =
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
ENABLED = false
|
ENABLED = false
|
||||||
|
|
|
@ -312,6 +312,8 @@ relation to port exhaustion.
|
||||||
- `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
|
- `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
|
||||||
- `SKIP_TLS_VERIFY`: **false**: Allow insecure certification.
|
- `SKIP_TLS_VERIFY`: **false**: Allow insecure certification.
|
||||||
- `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page.
|
- `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page.
|
||||||
|
- `PROXY_URL`: ****: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
|
||||||
|
- `PROXY_HOSTS`: ****: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
|
||||||
|
|
||||||
## Mailer (`mailer`)
|
## Mailer (`mailer`)
|
||||||
|
|
||||||
|
|
|
@ -129,6 +129,8 @@ menu:
|
||||||
- `DELIVER_TIMEOUT`: 请求webhooks的超时时间,单位秒。
|
- `DELIVER_TIMEOUT`: 请求webhooks的超时时间,单位秒。
|
||||||
- `SKIP_TLS_VERIFY`: 是否允许不安全的证书。
|
- `SKIP_TLS_VERIFY`: 是否允许不安全的证书。
|
||||||
- `PAGING_NUM`: 每页显示的Webhook 历史数量。
|
- `PAGING_NUM`: 每页显示的Webhook 历史数量。
|
||||||
|
- `PROXY_URL`: ****: 代理服务器网址,支持 http://, https//, socks://, 为空将使用环境变量中的 http_proxy/https_proxy 设置。
|
||||||
|
- `PROXY_HOSTS`: ****: 逗号分隔的需要代理的域名或IP地址。支持 * 号匹配符,使用 ** 匹配所有域名和IP地址。
|
||||||
|
|
||||||
## Mailer (`mailer`)
|
## Mailer (`mailer`)
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,12 @@
|
||||||
|
|
||||||
package setting
|
package setting
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/url"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// Webhook settings
|
// Webhook settings
|
||||||
Webhook = struct {
|
Webhook = struct {
|
||||||
|
@ -12,11 +18,16 @@ var (
|
||||||
SkipTLSVerify bool
|
SkipTLSVerify bool
|
||||||
Types []string
|
Types []string
|
||||||
PagingNum int
|
PagingNum int
|
||||||
|
ProxyURL string
|
||||||
|
ProxyURLFixed *url.URL
|
||||||
|
ProxyHosts []string
|
||||||
}{
|
}{
|
||||||
QueueLength: 1000,
|
QueueLength: 1000,
|
||||||
DeliverTimeout: 5,
|
DeliverTimeout: 5,
|
||||||
SkipTLSVerify: false,
|
SkipTLSVerify: false,
|
||||||
PagingNum: 10,
|
PagingNum: 10,
|
||||||
|
ProxyURL: "",
|
||||||
|
ProxyHosts: []string{},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -27,4 +38,14 @@ func newWebhookService() {
|
||||||
Webhook.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool()
|
Webhook.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool()
|
||||||
Webhook.Types = []string{"gitea", "gogs", "slack", "discord", "dingtalk", "telegram", "msteams"}
|
Webhook.Types = []string{"gitea", "gogs", "slack", "discord", "dingtalk", "telegram", "msteams"}
|
||||||
Webhook.PagingNum = sec.Key("PAGING_NUM").MustInt(10)
|
Webhook.PagingNum = sec.Key("PAGING_NUM").MustInt(10)
|
||||||
|
Webhook.ProxyURL = sec.Key("PROXY_URL").MustString("")
|
||||||
|
if Webhook.ProxyURL != "" {
|
||||||
|
var err error
|
||||||
|
Webhook.ProxyURLFixed, err = url.Parse(Webhook.ProxyURL)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Webhook PROXY_URL is not valid")
|
||||||
|
Webhook.ProxyURL = ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Webhook.ProxyHosts = sec.Key("PROXY_HOSTS").Strings(",")
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,11 +12,13 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"github.com/gobwas/glob"
|
||||||
"github.com/unknwon/com"
|
"github.com/unknwon/com"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -182,7 +184,36 @@ func DeliverHooks() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var webhookHTTPClient *http.Client
|
var (
|
||||||
|
webhookHTTPClient *http.Client
|
||||||
|
once sync.Once
|
||||||
|
hostMatchers []glob.Glob
|
||||||
|
)
|
||||||
|
|
||||||
|
func webhookProxy() func(req *http.Request) (*url.URL, error) {
|
||||||
|
if setting.Webhook.ProxyURL == "" {
|
||||||
|
return http.ProxyFromEnvironment
|
||||||
|
}
|
||||||
|
|
||||||
|
once.Do(func() {
|
||||||
|
for _, h := range setting.Webhook.ProxyHosts {
|
||||||
|
if g, err := glob.Compile(h); err == nil {
|
||||||
|
hostMatchers = append(hostMatchers, g)
|
||||||
|
} else {
|
||||||
|
log.Error("glob.Compile %s failed: %v", h, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
return func(req *http.Request) (*url.URL, error) {
|
||||||
|
for _, v := range hostMatchers {
|
||||||
|
if v.Match(req.URL.Host) {
|
||||||
|
return http.ProxyURL(setting.Webhook.ProxyURLFixed)(req)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return http.ProxyFromEnvironment(req)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// InitDeliverHooks starts the hooks delivery thread
|
// InitDeliverHooks starts the hooks delivery thread
|
||||||
func InitDeliverHooks() {
|
func InitDeliverHooks() {
|
||||||
|
@ -191,7 +222,7 @@ func InitDeliverHooks() {
|
||||||
webhookHTTPClient = &http.Client{
|
webhookHTTPClient = &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: webhookProxy(),
|
||||||
Dial: func(netw, addr string) (net.Conn, error) {
|
Dial: func(netw, addr string) (net.Conn, error) {
|
||||||
conn, err := net.DialTimeout(netw, addr, timeout)
|
conn, err := net.DialTimeout(netw, addr, timeout)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -199,7 +230,6 @@ func InitDeliverHooks() {
|
||||||
}
|
}
|
||||||
|
|
||||||
return conn, conn.SetDeadline(time.Now().Add(timeout))
|
return conn, conn.SetDeadline(time.Now().Add(timeout))
|
||||||
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
39
modules/webhook/deliver_test.go
Normal file
39
modules/webhook/deliver_test.go
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package webhook
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestWebhookProxy(t *testing.T) {
|
||||||
|
setting.Webhook.ProxyURL = "http://localhost:8080"
|
||||||
|
setting.Webhook.ProxyURLFixed, _ = url.Parse(setting.Webhook.ProxyURL)
|
||||||
|
setting.Webhook.ProxyHosts = []string{"*.discordapp.com", "discordapp.com"}
|
||||||
|
|
||||||
|
var kases = map[string]string{
|
||||||
|
"https://discordapp.com/api/webhooks/xxxxxxxxx/xxxxxxxxxxxxxxxxxxx": "http://localhost:8080",
|
||||||
|
"http://s.discordapp.com/assets/xxxxxx": "http://localhost:8080",
|
||||||
|
"http://github.com/a/b": "",
|
||||||
|
}
|
||||||
|
|
||||||
|
for reqURL, proxyURL := range kases {
|
||||||
|
req, err := http.NewRequest("POST", reqURL, nil)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
u, err := webhookProxy()(req)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
if proxyURL == "" {
|
||||||
|
assert.Nil(t, u)
|
||||||
|
} else {
|
||||||
|
assert.EqualValues(t, proxyURL, u.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue