alarsyo/prololo-reborn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

github: add trace logging

Browse source
This commit is contained in:
Antoine Martin 2021-09-12 21:39:21 +02:00
parent a124828cbf
commit 9521afaf95
2 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/webhooks/github.rs
View file

@ -8,7 +8,7 @@ use serde::Deserialize;
mod signing; mod signing;
use signing::SignedGitHubPayload; use signing::SignedGitHubPayload;
use tracing::{debug, info, warn}; use tracing::{debug, info, trace, warn};
use url::Url; use url::Url;
use crate::webhooks::{Event, EventSender}; use crate::webhooks::{Event, EventSender};
@ -23,10 +23,8 @@ pub fn github_webhook(
payload: SignedGitHubPayload, payload: SignedGitHubPayload,
sender: &State<EventSender>, sender: &State<EventSender>,
) -> Status { ) -> Status {
info!( info!("received event {:?} with signed payload", event);
"received event {:?} with signed payload:\n{}", trace!("payload: {}", payload.0);
event, payload.0
);
let event = match event.parse_payload(&payload) { let event = match event.parse_payload(&payload) {
Ok(event) => event, Ok(event) => event,

15
src/webhooks/github/signing.rs
View file

@ -26,7 +26,10 @@ fn validate_signature(secret: &str, signature: &str, data: &str) -> bool {
match hex::decode(signature) { match hex::decode(signature) {
Ok(bytes) => mac.verify(&bytes).is_ok(), Ok(bytes) => mac.verify(&bytes).is_ok(),
Err(_) => false, Err(_) => {
trace!("couldn't decode hex-encoded signature {}", signature);
false
}
} }
} }
@ -56,9 +59,14 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
type Error = anyhow::Error; type Error = anyhow::Error;
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> { async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> {
trace!("received payload on GitHub webhook endpoint"); trace!("received payload on GitHub webhook endpoint: {:?}", request);
let json_ct = ContentType::new("application", "json"); let json_ct = ContentType::new("application", "json");
if request.content_type() != Some(&json_ct) { if request.content_type() != Some(&json_ct) {
trace!(
"content type `{:?}` wasn't json, stopping here...",
request.content_type()
);
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type"))); return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
} }
@ -67,6 +75,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
.get(X_GITHUB_SIGNATURE) .get(X_GITHUB_SIGNATURE)
.collect::<Vec<_>>(); .collect::<Vec<_>>();
if signatures.len() != 1 { if signatures.len() != 1 {
trace!("couldn't locate {} header", X_GITHUB_SIGNATURE);
return Outcome::Failure(( return Outcome::Failure((
Status::BadRequest, Status::BadRequest,
anyhow!("request header needs exactly one signature"), anyhow!("request header needs exactly one signature"),
@ -78,6 +87,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
Ok(s) if s.is_complete() => s.into_inner(), Ok(s) if s.is_complete() => s.into_inner(),
Ok(_) => { Ok(_) => {
let eof = io::ErrorKind::UnexpectedEof; let eof = io::ErrorKind::UnexpectedEof;
trace!("payload was too big");
return Outcome::Failure(( return Outcome::Failure((
Status::PayloadTooLarge, Status::PayloadTooLarge,
io::Error::new(eof, "data limit exceeded").into(), io::Error::new(eof, "data limit exceeded").into(),
@ -90,6 +100,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
let secret = request.guard::<&State<GitHubSecret>>().await.unwrap(); let secret = request.guard::<&State<GitHubSecret>>().await.unwrap();
if !validate_signature(&secret.0, signature, &content) { if !validate_signature(&secret.0, signature, &content) {
trace!("signature validation failed, stopping here...");
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature"))); return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
} }