github: add trace logging
This commit is contained in:
parent
a124828cbf
commit
9521afaf95
|
@ -8,7 +8,7 @@ use serde::Deserialize;
|
||||||
|
|
||||||
mod signing;
|
mod signing;
|
||||||
use signing::SignedGitHubPayload;
|
use signing::SignedGitHubPayload;
|
||||||
use tracing::{debug, info, warn};
|
use tracing::{debug, info, trace, warn};
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
|
||||||
use crate::webhooks::{Event, EventSender};
|
use crate::webhooks::{Event, EventSender};
|
||||||
|
@ -23,10 +23,8 @@ pub fn github_webhook(
|
||||||
payload: SignedGitHubPayload,
|
payload: SignedGitHubPayload,
|
||||||
sender: &State<EventSender>,
|
sender: &State<EventSender>,
|
||||||
) -> Status {
|
) -> Status {
|
||||||
info!(
|
info!("received event {:?} with signed payload", event);
|
||||||
"received event {:?} with signed payload:\n{}",
|
trace!("payload: {}", payload.0);
|
||||||
event, payload.0
|
|
||||||
);
|
|
||||||
|
|
||||||
let event = match event.parse_payload(&payload) {
|
let event = match event.parse_payload(&payload) {
|
||||||
Ok(event) => event,
|
Ok(event) => event,
|
||||||
|
|
|
@ -26,7 +26,10 @@ fn validate_signature(secret: &str, signature: &str, data: &str) -> bool {
|
||||||
|
|
||||||
match hex::decode(signature) {
|
match hex::decode(signature) {
|
||||||
Ok(bytes) => mac.verify(&bytes).is_ok(),
|
Ok(bytes) => mac.verify(&bytes).is_ok(),
|
||||||
Err(_) => false,
|
Err(_) => {
|
||||||
|
trace!("couldn't decode hex-encoded signature {}", signature);
|
||||||
|
false
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,9 +59,14 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
|
||||||
type Error = anyhow::Error;
|
type Error = anyhow::Error;
|
||||||
|
|
||||||
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> {
|
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> {
|
||||||
trace!("received payload on GitHub webhook endpoint");
|
trace!("received payload on GitHub webhook endpoint: {:?}", request);
|
||||||
|
|
||||||
let json_ct = ContentType::new("application", "json");
|
let json_ct = ContentType::new("application", "json");
|
||||||
if request.content_type() != Some(&json_ct) {
|
if request.content_type() != Some(&json_ct) {
|
||||||
|
trace!(
|
||||||
|
"content type `{:?}` wasn't json, stopping here...",
|
||||||
|
request.content_type()
|
||||||
|
);
|
||||||
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
|
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -67,6 +75,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
|
||||||
.get(X_GITHUB_SIGNATURE)
|
.get(X_GITHUB_SIGNATURE)
|
||||||
.collect::<Vec<_>>();
|
.collect::<Vec<_>>();
|
||||||
if signatures.len() != 1 {
|
if signatures.len() != 1 {
|
||||||
|
trace!("couldn't locate {} header", X_GITHUB_SIGNATURE);
|
||||||
return Outcome::Failure((
|
return Outcome::Failure((
|
||||||
Status::BadRequest,
|
Status::BadRequest,
|
||||||
anyhow!("request header needs exactly one signature"),
|
anyhow!("request header needs exactly one signature"),
|
||||||
|
@ -78,6 +87,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
|
||||||
Ok(s) if s.is_complete() => s.into_inner(),
|
Ok(s) if s.is_complete() => s.into_inner(),
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
let eof = io::ErrorKind::UnexpectedEof;
|
let eof = io::ErrorKind::UnexpectedEof;
|
||||||
|
trace!("payload was too big");
|
||||||
return Outcome::Failure((
|
return Outcome::Failure((
|
||||||
Status::PayloadTooLarge,
|
Status::PayloadTooLarge,
|
||||||
io::Error::new(eof, "data limit exceeded").into(),
|
io::Error::new(eof, "data limit exceeded").into(),
|
||||||
|
@ -90,6 +100,7 @@ impl<'r> FromData<'r> for SignedGitHubPayload {
|
||||||
let secret = request.guard::<&State<GitHubSecret>>().await.unwrap();
|
let secret = request.guard::<&State<GitHubSecret>>().await.unwrap();
|
||||||
|
|
||||||
if !validate_signature(&secret.0, signature, &content) {
|
if !validate_signature(&secret.0, signature, &content) {
|
||||||
|
trace!("signature validation failed, stopping here...");
|
||||||
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
|
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue