import hmac
import os
from flask import Flask, request, jsonify
import json
import base64
from urllib.parse import quote
import logging
logging.basicConfig(filename='webhook.log', level=logging.DEBUG, format='%(asctime)s - %(message)s')
app = Flask(__name__)
secret = '密码'
def encryption(data):
"""
Step1:把timestamp+"\n"+密钥当做签名字符串,使用HmacSHA256算法计算签名。
Setp2:对上述得到的结果进行 Base64 encode。
Setp3:对上述得到的结果进行 urlEncode,得到最终的签名(需要使用UTF-8字符集)。
"""
key = secret.encode('utf-8')
obj = hmac.new(key, msg=data, digestmod='sha256')
return base64.b64encode(obj.digest()).decode("utf-8")
@app.route('/', methods=['POST'])
def post_data():
"""
githee加密是将post提交的timestamp +'\n' + WebHooks的secret通过hmac的sha256加密,放到HTTP headers的
X-Gitee-Token参数中
"""
logging.info(request.url)
post_data = json.loads(request.data)
sign_string = post_data["timestamp"] + "\n" + secret
token = encryption(sign_string.encode('utf-8'))
# 认证签名是否有效
signature = request.headers.get('X-Gitee-Token', '')
if signature != token:
return "token认证无效", 401
# Push:"push_hooks"/"tag_push_hooks"。 Pull Request:"merge_request_hooks"
if post_data["hook_name"] in ["push_hooks", "tag_push_hooks", "merge_request_hooks"]:
try:
branch_name = post_data["ref"].split("/")[-1]
except KeyError:
branch_name = post_data["target_branch"].split("/")[-1]
# 运行shell脚本,更新代码
logging.info(os.popen('/opt/webhook/command.sh ' + branch_name).read())
return jsonify({"status": 200})
if __name__ == '__main__':
app.run(host="0.0.0.0", port=端口)
启动命令:
nohup python3 /opt/webhook/webhook.py &