From fa7cc110303108f3cb2141f6cc4c51d6453e963c Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Wed, 22 May 2024 22:08:44 +0200 Subject: [PATCH 01/15] move logic --- Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs | 1 + .../Fakes/CallbackModelHelper.cs | 4 +- .../Fakes/FakeGitHubApi.cs | 8 +++ .../Fakes/RepoHelperExtensions.cs | 3 +- .../When_updating_reminder_not_stored.cs | 1 + ...hen_updating_reminder_on_default_branch.cs | 1 + Annoy-o-Bot.Tests/FileChangesTests.cs | 4 +- Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs | 29 ++++++++++ Annoy-o-Bot.Tests/GitHubHelperTests.cs | 38 ------------ Annoy-o-Bot.Tests/RequestParserTests.cs | 1 + Annoy-o-Bot/CallbackHandler.cs | 41 +++++-------- .../{ => GitHub/Callbacks}/CallbackModel.cs | 4 +- .../Callbacks/CallbackModelExtensions.cs | 9 +++ .../GitHub/{ => Callbacks}/RequestParser.cs | 4 +- Annoy-o-Bot/GitHub/CommitParser.cs | 1 + Annoy-o-Bot/GitHub/GitHubApi.cs | 42 +++++++++++++- Annoy-o-Bot/GitHub/GitHubHelper.cs | 58 ------------------- Annoy-o-Bot/GitHub/IGitHubApi.cs | 3 + 18 files changed, 121 insertions(+), 131 deletions(-) create mode 100644 Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs delete mode 100644 Annoy-o-Bot.Tests/GitHubHelperTests.cs rename Annoy-o-Bot/{ => GitHub/Callbacks}/CallbackModel.cs (95%) create mode 100644 Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs rename Annoy-o-Bot/GitHub/{ => Callbacks}/RequestParser.cs (59%) diff --git a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs index 0d800bb..17482de 100644 --- a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs +++ b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs @@ -3,6 +3,7 @@ using System.Text; using Annoy_o_Bot.CosmosDB; using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.AspNetCore.Http; using Microsoft.Azure.Cosmos; using Microsoft.Extensions.Configuration; diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs index 98902d9..c35ee99 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs @@ -1,4 +1,6 @@ -namespace Annoy_o_Bot.AcceptanceTests.Fakes; +using Annoy_o_Bot.GitHub.Callbacks; + +namespace Annoy_o_Bot.AcceptanceTests.Fakes; class CallbackModelHelper { diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs index 8a5b80e..0c57bce 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs @@ -1,4 +1,6 @@ using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; +using Microsoft.AspNetCore.Http; namespace Annoy_o_Bot.AcceptanceTests.Fakes; @@ -26,4 +28,10 @@ public Task GetRepository(long installationId, long repositor { return Task.FromResult(registeredRepos[(installationId, repositoryId)]); } + + public async Task ValidateCallback(HttpRequest callbackRequest, string secret) + { + var content = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); + return RequestParser.ParseJson(content); + } } \ No newline at end of file diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs index 76e7f5b..15ed2b4 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs @@ -1,4 +1,5 @@ -using Newtonsoft.Json; +using Annoy_o_Bot.GitHub.Callbacks; +using Newtonsoft.Json; using Octokit; namespace Annoy_o_Bot.AcceptanceTests.Fakes; diff --git a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs index 9881732..b62a270 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs @@ -1,5 +1,6 @@ using Annoy_o_Bot.AcceptanceTests.Fakes; using Annoy_o_Bot.CosmosDB; +using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging.Abstractions; using Xunit; diff --git a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs index caabb4a..bede653 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs @@ -1,6 +1,7 @@ using System.Text.Json; using Annoy_o_Bot.AcceptanceTests.Fakes; using Annoy_o_Bot.CosmosDB; +using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging.Abstractions; using Xunit; diff --git a/Annoy-o-Bot.Tests/FileChangesTests.cs b/Annoy-o-Bot.Tests/FileChangesTests.cs index de88239..2f8a3b0 100644 --- a/Annoy-o-Bot.Tests/FileChangesTests.cs +++ b/Annoy-o-Bot.Tests/FileChangesTests.cs @@ -1,4 +1,6 @@ -namespace Annoy_o_Bot.Tests +using Annoy_o_Bot.GitHub.Callbacks; + +namespace Annoy_o_Bot.Tests { using Annoy_o_Bot.GitHub; using Xunit; diff --git a/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs new file mode 100644 index 0000000..dd6891a --- /dev/null +++ b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs @@ -0,0 +1,29 @@ +using Microsoft.Extensions.Logging.Abstractions; +using System; +using System.Threading.Tasks; +using Xunit; +using Annoy_o_Bot.GitHub; + +namespace Annoy_o_Bot.Tests +{ + public class GitHubHelperTests + { + [Theory] + [InlineData("46F335537C051512C7554148D3683D98DEE8843E2E919A21065E0BD5FD09CDA5")] + [InlineData("46f335537c051512c7554148d3683d98dee8843e2e919a21065e0bd5fd09cda5")] + public async Task Should_verify_valid_body(string hash) + { + var gitHubApi = new GitHubApi(NullLoggerFactory.Instance); + + await gitHubApi.ValidateSignature("Hello World!", "secretkey", hash); + } + + [Fact] + public void Should_throw_on_invalid_body() + { + var gitHubApi = new GitHubApi(NullLoggerFactory.Instance); + + Assert.ThrowsAsync(() => gitHubApi.ValidateSignature("Hello Wörld!", "secretkey", "B0D3E5FBD7B71A4539E27257AF48C677E8CAD2F803C2CC87C3164CD4254AFF79")); + } + } +} \ No newline at end of file diff --git a/Annoy-o-Bot.Tests/GitHubHelperTests.cs b/Annoy-o-Bot.Tests/GitHubHelperTests.cs deleted file mode 100644 index d2d9680..0000000 --- a/Annoy-o-Bot.Tests/GitHubHelperTests.cs +++ /dev/null @@ -1,38 +0,0 @@ -using Microsoft.Extensions.Logging.Abstractions; -using System; -using System.IO; -using System.Text; -using System.Threading.Tasks; -using Microsoft.AspNetCore.Http; -using Xunit; -using Annoy_o_Bot.GitHub; - -namespace Annoy_o_Bot.Tests -{ - public class GitHubHelperTests - { - [Theory] - [InlineData("46F335537C051512C7554148D3683D98DEE8843E2E919A21065E0BD5FD09CDA5")] - [InlineData("46f335537c051512c7554148d3683d98dee8843e2e919a21065e0bd5fd09cda5")] - public async Task Should_verify_valid_body(string hash) - { - var httpContext = new DefaultHttpContext(); - var request = httpContext.Request; - request.Headers.Add("X-Hub-Signature-256", $"sha256={hash}"); - request.Body = new MemoryStream(Encoding.UTF8.GetBytes("Hello World!")); - - await GitHubHelper.ValidateRequest(request, "secretkey", NullLogger.Instance); - } - - [Fact] - public void Should_throw_on_invalid_body() - { - var httpContext = new DefaultHttpContext(); - var request = httpContext.Request; - request.Headers.Add("X-Hub-Signature-256", "sha256=B0D3E5FBD7B71A4539E27257AF48C677E8CAD2F803C2CC87C3164CD4254AFF79"); - request.Body = new MemoryStream(Encoding.UTF8.GetBytes("Hello Wörld!")); - - Assert.ThrowsAsync(() => GitHubHelper.ValidateRequest(request, "somekey", NullLogger.Instance)); - } - } -} \ No newline at end of file diff --git a/Annoy-o-Bot.Tests/RequestParserTests.cs b/Annoy-o-Bot.Tests/RequestParserTests.cs index 8804ef4..96d6afb 100644 --- a/Annoy-o-Bot.Tests/RequestParserTests.cs +++ b/Annoy-o-Bot.Tests/RequestParserTests.cs @@ -1,5 +1,6 @@ using System.IO; using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; using Xunit; namespace Annoy_o_Bot.Tests diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 2e72290..f19847e 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -10,10 +10,10 @@ using Octokit; using Annoy_o_Bot.Parser; using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.Azure.Cosmos; using Microsoft.Extensions.Configuration; using Microsoft.Azure.Functions.Worker; -using Microsoft.Extensions.Primitives; namespace Annoy_o_Bot { @@ -30,25 +30,26 @@ public async Task Run( Container cosmosContainer) { var cosmosWrapper = new CosmosClientWrapper(cosmosContainer); - await GitHubHelper.ValidateRequest(req, configuration.GetValue("WebhookSecret") ?? throw new Exception("Missing 'WebhookSecret' env var"), log); if (!IsGitCommitCallback(req)) { return new OkResult(); } - var requestObject = await ParseRequest(req, log); - var githubClient = await gitHubApi.GetRepository(requestObject.Installation.Id, requestObject.Repository.Id); + var commitModel = await gitHubApi.ValidateCallback(req, + configuration.GetValue("WebhookSecret") ?? + throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks.")); - if (requestObject.HeadCommit == null) + + if (commitModel.HeadCommit == null) { // no commits on push (e.g. branch delete) return new OkResult(); } + + log.LogInformation($"Handling changes made to branch '{commitModel.Repository.Name}{commitModel.Ref}' by head-commit '{commitModel.HeadCommit.Id}'."); - log.LogInformation($"Handling changes made to branch '{requestObject.Repository.Name}{requestObject.Ref}' by head-commit '{requestObject.HeadCommit.Id}'."); - - var commitsToConsider = requestObject.Commits; + var commitsToConsider = commitModel.Commits; if (commitsToConsider.LastOrDefault()?.Message?.StartsWith("Merge ") ?? false) { // if the last commit is a merge commit, ignore other commits as the merge commits contains all the relevant changes @@ -56,16 +57,17 @@ public async Task Run( commitsToConsider = [commitsToConsider.Last()]; } + var githubClient = await gitHubApi.GetRepository(commitModel.Installation.Id, commitModel.Repository.Id); var fileChanges = CommitParser.GetChanges(commitsToConsider); var reminderChanges = ReminderFilter.FilterReminders(fileChanges); - if (requestObject.Ref.EndsWith($"/{requestObject.Repository.DefaultBranch}")) + if (commitModel.IsDefaultBranch()) { - await ApplyReminderDefinitions(reminderChanges, requestObject, githubClient, cosmosWrapper, fileChanges); + await ApplyReminderDefinitions(reminderChanges, commitModel, githubClient, cosmosWrapper, fileChanges); } else { - await ValidateReminderDefinitions(reminderChanges, requestObject, githubClient); + await ValidateReminderDefinitions(reminderChanges, commitModel, githubClient); } return new OkResult(); @@ -173,23 +175,6 @@ await githubClient.CreateComment(requestObject.HeadCommit.Id, $"Created reminder '{reminderDefinition.Title}' for {reminderDefinition.Date:D}"); } - private static async Task ParseRequest(HttpRequest req, ILogger log) - { - CallbackModel requestObject; - try - { - var requestBody = await new StreamReader(req.Body).ReadToEndAsync(); - requestObject = RequestParser.ParseJson(requestBody); - } - catch (Exception e) - { - log.LogError(e, "Error at parsing callback input"); - throw; - } - - return requestObject; - } - private static async Task TryCreateCheckRun(IGitHubRepository installationClient, long repositoryId, NewCheckRun checkRun, ILogger logger) { // Ignore check run failures for now. Check run permissions were added later, so users might not have granted permissions to add check runs. diff --git a/Annoy-o-Bot/CallbackModel.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs similarity index 95% rename from Annoy-o-Bot/CallbackModel.cs rename to Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs index 8d8c4f3..b74ed3d 100644 --- a/Annoy-o-Bot/CallbackModel.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs @@ -3,7 +3,7 @@ using System; using Newtonsoft.Json; -namespace Annoy_o_Bot +namespace Annoy_o_Bot.GitHub.Callbacks { public class CallbackModel { @@ -11,6 +11,7 @@ public class CallbackModel public RepositoryModel Repository { get; set; } public CommitModel[] Commits { get; set; } public string Ref { get; set; } + [JsonProperty("head_commit")] public CommitModel HeadCommit { get; set; } public PusherModel Pusher { get; set; } @@ -32,6 +33,7 @@ public class InstallationModel public class RepositoryModel { public long Id { get; set; } + [JsonProperty("default_branch")] public string DefaultBranch { get; set; } public string Name { get; set; } diff --git a/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs new file mode 100644 index 0000000..a010777 --- /dev/null +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs @@ -0,0 +1,9 @@ +namespace Annoy_o_Bot.GitHub.Callbacks; + +public static class CallbackModelExtensions +{ + public static bool IsDefaultBranch(this CallbackModel callbackModel) + { + return callbackModel.Ref.EndsWith($"/{callbackModel.Repository.DefaultBranch}"); + } +} \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/RequestParser.cs b/Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs similarity index 59% rename from Annoy-o-Bot/GitHub/RequestParser.cs rename to Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs index 6cef641..048ad60 100644 --- a/Annoy-o-Bot/GitHub/RequestParser.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs @@ -1,12 +1,12 @@ using Newtonsoft.Json; -namespace Annoy_o_Bot.GitHub +namespace Annoy_o_Bot.GitHub.Callbacks { public class RequestParser { public static CallbackModel ParseJson(string requestBody) { - CallbackModel requestObject = JsonConvert.DeserializeObject(requestBody); + var requestObject = JsonConvert.DeserializeObject(requestBody); return requestObject; } } diff --git a/Annoy-o-Bot/GitHub/CommitParser.cs b/Annoy-o-Bot/GitHub/CommitParser.cs index a6dc2c4..c814f82 100644 --- a/Annoy-o-Bot/GitHub/CommitParser.cs +++ b/Annoy-o-Bot/GitHub/CommitParser.cs @@ -1,4 +1,5 @@ using System.Collections.Generic; +using Annoy_o_Bot.GitHub.Callbacks; namespace Annoy_o_Bot.GitHub { diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/GitHubApi.cs index 7a00166..386af5e 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/GitHubApi.cs @@ -1,4 +1,10 @@ -using System.Threading.Tasks; +using System; +using System.IO; +using System.Security.Cryptography; +using System.Text; +using System.Threading.Tasks; +using Annoy_o_Bot.GitHub.Callbacks; +using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Octokit; @@ -7,10 +13,12 @@ namespace Annoy_o_Bot.GitHub; public class GitHubApi : IGitHubApi { ILoggerFactory loggerFactory; + ILogger logger; public GitHubApi(ILoggerFactory loggerFactory) { this.loggerFactory = loggerFactory; + this.logger = loggerFactory.CreateLogger(); } public async Task GetInstallation(long installationId) @@ -25,5 +33,37 @@ public async Task GetRepository(long installationId, long rep return new GitHubRepository(installationClient, repositoryId, loggerFactory.CreateLogger()); } + public async Task ValidateCallback(HttpRequest callbackRequest, string secret) + { + if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) + { + throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); + } + + var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); + await ValidateSignature(requestBody, secret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); + + return RequestParser.ParseJson(requestBody); + } + + public async Task ValidateSignature(string signedText, string secret, string sha256Signature) + { + var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); + + using var memoryStream = new MemoryStream(Encoding.UTF8.GetBytes(signedText)); + + var hash = await hmacsha256.ComputeHashAsync(memoryStream); + var hashString = Convert.ToHexString(hash); + + if (!string.Equals(sha256Signature, hashString, StringComparison.OrdinalIgnoreCase)) + { + logger.LogWarning( + "Invalid request body that doesn't match provided SHA256 signature ({shaSignature}): {body}", + sha256Signature, signedText); + throw new Exception( + $"Computed request payload signature ('{hashString}') does not match provided signature ('{sha256Signature}')"); + } + } + static Task GetInstallationClient(long installationId) => GitHubHelper.GetInstallationClient(installationId); } \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/GitHubHelper.cs b/Annoy-o-Bot/GitHub/GitHubHelper.cs index 218335a..3851ece 100644 --- a/Annoy-o-Bot/GitHub/GitHubHelper.cs +++ b/Annoy-o-Bot/GitHub/GitHubHelper.cs @@ -1,70 +1,12 @@ using System; -using System.IO; -using System.Runtime.InteropServices; -using System.Text; using System.Threading.Tasks; using GitHubJwt; -using Microsoft.Extensions.Logging; using Octokit; namespace Annoy_o_Bot.GitHub { - using System.Security.Cryptography; - using Microsoft.AspNetCore.Http; - public class GitHubHelper { - /// - /// Validates whether the request is indeed coming from GitHub using the webhook secret. - /// - public static async Task ValidateRequest(HttpRequest request, string secret, ILogger logger) - { - if (!request.Headers.TryGetValue("X-Hub-Signature-256", out var sha256Signature)) - { - throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); - } - - var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); - - // enable buffering so we can reset the request body stream position - // otherwise this throws a System.NotSupportedException when running in Azure Functions - request.EnableBuffering(); - - var hash = await hmacsha256.ComputeHashAsync(request.Body); - request.Body.Position = 0; - var hashString = $"sha256={Convert.ToHexString(hash)}"; - - if (!string.Equals(sha256Signature, hashString, StringComparison.OrdinalIgnoreCase)) - { - logger.LogWarning($"Validation mismatch. {Environment.MachineName}, {Environment.OSVersion}, {Environment.Version}, {RuntimeInformation.RuntimeIdentifier}, {RuntimeInformation.OSArchitecture}, {RuntimeInformation.OSDescription}, {RuntimeInformation.FrameworkDescription}, {RuntimeInformation.ProcessArchitecture}"); - var hmacsha1 = new HMACSHA1(Encoding.UTF8.GetBytes(secret)); - if (ValidateRequestSha1(request, hmacsha1)) - { - logger.LogWarning("Failed SHA256 validation but passed SHA1 check."); - return; - } - - var exception = new Exception($"Computed request payload signature ('{hashString}') does not match provided signature ('{sha256Signature}')"); - logger.LogWarning(new StreamReader(request.Body).ReadToEnd()); - throw exception; - } - } - - public static bool ValidateRequestSha1(HttpRequest request, HMACSHA1 sha1) - { - if (!request.Headers.TryGetValue("X-Hub-Signature", out var sha1Signature)) - { - return false; - } - - var hash = sha1?.ComputeHash(request.Body) ?? Array.Empty(); - request.Body.Position = 0; - var hexString = Convert.ToHexString(hash); - var hashString = $"sha1={hexString}"; - - return string.Equals(sha1Signature, hashString, StringComparison.OrdinalIgnoreCase); - } - public static async Task GetInstallationClient(long installationId) { // Use GitHubJwt library to create the GitHubApp Jwt Token using our private certificate PEM file diff --git a/Annoy-o-Bot/GitHub/IGitHubApi.cs b/Annoy-o-Bot/GitHub/IGitHubApi.cs index 26996a3..d0d1086 100644 --- a/Annoy-o-Bot/GitHub/IGitHubApi.cs +++ b/Annoy-o-Bot/GitHub/IGitHubApi.cs @@ -1,4 +1,6 @@ using System.Threading.Tasks; +using Annoy_o_Bot.GitHub.Callbacks; +using Microsoft.AspNetCore.Http; namespace Annoy_o_Bot.GitHub; @@ -6,4 +8,5 @@ public interface IGitHubApi { Task GetInstallation(long installationId); Task GetRepository(long installationId, long repositoryId); + Task ValidateCallback(HttpRequest callbackRequest, string secret); } \ No newline at end of file From f968c47e27e2d42e118d8af8f05de79bff16647f Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Wed, 22 May 2024 22:15:52 +0200 Subject: [PATCH 02/15] inline remaining github helper method --- Annoy-o-Bot/GitHub/GitHubApi.cs | 34 ++++++++++++++++++++++- Annoy-o-Bot/GitHub/GitHubHelper.cs | 44 ------------------------------ 2 files changed, 33 insertions(+), 45 deletions(-) delete mode 100644 Annoy-o-Bot/GitHub/GitHubHelper.cs diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/GitHubApi.cs index 386af5e..2657b23 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/GitHubApi.cs @@ -65,5 +65,37 @@ public async Task ValidateSignature(string signedText, string secret, string sha } } - static Task GetInstallationClient(long installationId) => GitHubHelper.GetInstallationClient(installationId); + static async Task GetInstallationClient(long installationId) + { + // Use GitHubJwt library to create the GitHubApp Jwt Token using our private certificate PEM file + var appIntegrationId = Convert.ToInt32(Environment.GetEnvironmentVariable("GitHubAppId")); + var environmentVariablePrivateKeySource = new EnvironmentVariablePrivateKeySource("PrivateKey"); + var generator = new GitHubJwtFactory( + environmentVariablePrivateKeySource, + new GitHubJwtFactoryOptions + { + AppIntegrationId = appIntegrationId, + ExpirationSeconds = 600 // 10 minutes is the maximum time allowed + } + ); + var jwtToken = generator.CreateEncodedJwtToken(); + + var productHeaderValue = Environment.GetEnvironmentVariable("GitHubProductHeader"); + // Use the JWT as a Bearer token + var appClient = new GitHubClient(new ProductHeaderValue(productHeaderValue)) + { + Credentials = new Credentials(jwtToken, AuthenticationType.Bearer) + }; + // Get the current authenticated GitHubApp + var app = await appClient.GitHubApps.GetCurrent(); + // Create an Installation token for Insallation Id + var response = await appClient.GitHubApps.CreateInstallationToken(installationId); + + // Create a new GitHubClient using the installation token as authentication + var installationClient = new GitHubClient(new ProductHeaderValue(productHeaderValue)) + { + Credentials = new Credentials(response.Token) + }; + return installationClient; + } } \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/GitHubHelper.cs b/Annoy-o-Bot/GitHub/GitHubHelper.cs deleted file mode 100644 index 3851ece..0000000 --- a/Annoy-o-Bot/GitHub/GitHubHelper.cs +++ /dev/null @@ -1,44 +0,0 @@ -using System; -using System.Threading.Tasks; -using GitHubJwt; -using Octokit; - -namespace Annoy_o_Bot.GitHub -{ - public class GitHubHelper - { - public static async Task GetInstallationClient(long installationId) - { - // Use GitHubJwt library to create the GitHubApp Jwt Token using our private certificate PEM file - var appIntegrationId = Convert.ToInt32(Environment.GetEnvironmentVariable("GitHubAppId")); - var environmentVariablePrivateKeySource = new EnvironmentVariablePrivateKeySource("PrivateKey"); - var generator = new GitHubJwtFactory( - environmentVariablePrivateKeySource, - new GitHubJwtFactoryOptions - { - AppIntegrationId = appIntegrationId, - ExpirationSeconds = 600 // 10 minutes is the maximum time allowed - } - ); - var jwtToken = generator.CreateEncodedJwtToken(); - - var productHeaderValue = Environment.GetEnvironmentVariable("GitHubProductHeader"); - // Use the JWT as a Bearer token - var appClient = new GitHubClient(new ProductHeaderValue(productHeaderValue)) - { - Credentials = new Credentials(jwtToken, AuthenticationType.Bearer) - }; - // Get the current authenticated GitHubApp - var app = await appClient.GitHubApps.GetCurrent(); - // Create an Installation token for Insallation Id - var response = await appClient.GitHubApps.CreateInstallationToken(installationId); - - // Create a new GitHubClient using the installation token as authentication - var installationClient = new GitHubClient(new ProductHeaderValue(productHeaderValue)) - { - Credentials = new Credentials(response.Token) - }; - return installationClient; - } - } -} \ No newline at end of file From f8f51b2864d0a9d0bf3ecb9f3e1e6f109c3d2e72 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Wed, 22 May 2024 22:16:13 +0200 Subject: [PATCH 03/15] simplify github api validation method --- Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs | 2 +- Annoy-o-Bot/CallbackHandler.cs | 4 +--- Annoy-o-Bot/GitHub/GitHubApi.cs | 7 ++++++- Annoy-o-Bot/GitHub/IGitHubApi.cs | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs index 0c57bce..baa1088 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs @@ -29,7 +29,7 @@ public Task GetRepository(long installationId, long repositor return Task.FromResult(registeredRepos[(installationId, repositoryId)]); } - public async Task ValidateCallback(HttpRequest callbackRequest, string secret) + public async Task ValidateCallback(HttpRequest callbackRequest) { var content = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); return RequestParser.ParseJson(content); diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index f19847e..fd70295 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -36,9 +36,7 @@ public async Task Run( return new OkResult(); } - var commitModel = await gitHubApi.ValidateCallback(req, - configuration.GetValue("WebhookSecret") ?? - throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks.")); + var commitModel = await gitHubApi.ValidateCallback(req); if (commitModel.HeadCommit == null) diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/GitHubApi.cs index 2657b23..f8a9827 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/GitHubApi.cs @@ -4,6 +4,7 @@ using System.Text; using System.Threading.Tasks; using Annoy_o_Bot.GitHub.Callbacks; +using GitHubJwt; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Octokit; @@ -33,7 +34,7 @@ public async Task GetRepository(long installationId, long rep return new GitHubRepository(installationClient, repositoryId, loggerFactory.CreateLogger()); } - public async Task ValidateCallback(HttpRequest callbackRequest, string secret) + public async Task ValidateCallback(HttpRequest callbackRequest) { if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) { @@ -41,6 +42,10 @@ public async Task ValidateCallback(HttpRequest callbackRequest, s } var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); + + var secret = Environment.GetEnvironmentVariable("WebhookSecret") ?? + throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); + await ValidateSignature(requestBody, secret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); return RequestParser.ParseJson(requestBody); diff --git a/Annoy-o-Bot/GitHub/IGitHubApi.cs b/Annoy-o-Bot/GitHub/IGitHubApi.cs index d0d1086..735f590 100644 --- a/Annoy-o-Bot/GitHub/IGitHubApi.cs +++ b/Annoy-o-Bot/GitHub/IGitHubApi.cs @@ -8,5 +8,5 @@ public interface IGitHubApi { Task GetInstallation(long installationId); Task GetRepository(long installationId, long repositoryId); - Task ValidateCallback(HttpRequest callbackRequest, string secret); + Task ValidateCallback(HttpRequest callbackRequest); } \ No newline at end of file From b4537ba4fdd9680b4d7e981eefcefccdfb977a78 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Wed, 22 May 2024 22:34:40 +0200 Subject: [PATCH 04/15] move api out from github api again --- .../Fakes/FakeGitHubApi.cs | 10 ----- Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs | 5 ++- Annoy-o-Bot/CallbackHandler.cs | 5 ++- .../GitHub/Callbacks/GitHubCallbackRequest.cs | 40 +++++++++++++++++++ Annoy-o-Bot/GitHub/GitHubApi.cs | 36 ----------------- Annoy-o-Bot/GitHub/IGitHubApi.cs | 1 - 6 files changed, 46 insertions(+), 51 deletions(-) create mode 100644 Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs index baa1088..aef32cb 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs @@ -8,10 +8,6 @@ class FakeGitHubApi : IGitHubApi { private Dictionary<(long, long), IGitHubRepository> registeredRepos = new(); - public FakeGitHubApi() - { - } - public FakeGitHubRepository CreateNewRepository() { var repository = new FakeGitHubRepository(Random.Shared.NextInt64(), Random.Shared.NextInt64()); @@ -28,10 +24,4 @@ public Task GetRepository(long installationId, long repositor { return Task.FromResult(registeredRepos[(installationId, repositoryId)]); } - - public async Task ValidateCallback(HttpRequest callbackRequest) - { - var content = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); - return RequestParser.ParseJson(content); - } } \ No newline at end of file diff --git a/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs index dd6891a..ca39586 100644 --- a/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs +++ b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs @@ -3,6 +3,7 @@ using System.Threading.Tasks; using Xunit; using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; namespace Annoy_o_Bot.Tests { @@ -15,7 +16,7 @@ public async Task Should_verify_valid_body(string hash) { var gitHubApi = new GitHubApi(NullLoggerFactory.Instance); - await gitHubApi.ValidateSignature("Hello World!", "secretkey", hash); + await GitHubCallbackRequest.ValidateSignature("Hello World!", "secretkey", hash); } [Fact] @@ -23,7 +24,7 @@ public void Should_throw_on_invalid_body() { var gitHubApi = new GitHubApi(NullLoggerFactory.Instance); - Assert.ThrowsAsync(() => gitHubApi.ValidateSignature("Hello Wörld!", "secretkey", "B0D3E5FBD7B71A4539E27257AF48C677E8CAD2F803C2CC87C3164CD4254AFF79")); + Assert.ThrowsAsync(() => GitHubCallbackRequest.ValidateSignature("Hello Wörld!", "secretkey", "B0D3E5FBD7B71A4539E27257AF48C677E8CAD2F803C2CC87C3164CD4254AFF79")); } } } \ No newline at end of file diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index fd70295..0ab1fb2 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -36,8 +36,9 @@ public async Task Run( return new OkResult(); } - var commitModel = await gitHubApi.ValidateCallback(req); - + var secret = configuration.GetValue("WebhookSecret") ?? + throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); + var commitModel = await GitHubCallbackRequest.Validate(req, secret); if (commitModel.HeadCommit == null) { diff --git a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs new file mode 100644 index 0000000..87b83e5 --- /dev/null +++ b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs @@ -0,0 +1,40 @@ +using System; +using System.IO; +using System.Security.Cryptography; +using System.Text; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Http; + +namespace Annoy_o_Bot.GitHub.Callbacks; + +public class GitHubCallbackRequest +{ + public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret) + { + if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) + { + throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); + } + + var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); + + await ValidateSignature(requestBody, gitHubSecret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); + + return RequestParser.ParseJson(requestBody); + } + + public static async Task ValidateSignature(string signedText, string secret, string sha256Signature) + { + var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); + + using var memoryStream = new MemoryStream(Encoding.UTF8.GetBytes(signedText)); + + var hash = await hmacsha256.ComputeHashAsync(memoryStream); + var hashString = Convert.ToHexString(hash); + + if (!string.Equals(sha256Signature, hashString, StringComparison.OrdinalIgnoreCase)) + { + throw new Exception($"Computed request payload signature ('{hashString}') does not match provided signature ('{sha256Signature}'). Signed text: '{signedText}'"); + } + } +} \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/GitHubApi.cs index f8a9827..590ea09 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/GitHubApi.cs @@ -34,42 +34,6 @@ public async Task GetRepository(long installationId, long rep return new GitHubRepository(installationClient, repositoryId, loggerFactory.CreateLogger()); } - public async Task ValidateCallback(HttpRequest callbackRequest) - { - if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) - { - throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); - } - - var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); - - var secret = Environment.GetEnvironmentVariable("WebhookSecret") ?? - throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); - - await ValidateSignature(requestBody, secret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); - - return RequestParser.ParseJson(requestBody); - } - - public async Task ValidateSignature(string signedText, string secret, string sha256Signature) - { - var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); - - using var memoryStream = new MemoryStream(Encoding.UTF8.GetBytes(signedText)); - - var hash = await hmacsha256.ComputeHashAsync(memoryStream); - var hashString = Convert.ToHexString(hash); - - if (!string.Equals(sha256Signature, hashString, StringComparison.OrdinalIgnoreCase)) - { - logger.LogWarning( - "Invalid request body that doesn't match provided SHA256 signature ({shaSignature}): {body}", - sha256Signature, signedText); - throw new Exception( - $"Computed request payload signature ('{hashString}') does not match provided signature ('{sha256Signature}')"); - } - } - static async Task GetInstallationClient(long installationId) { // Use GitHubJwt library to create the GitHubApp Jwt Token using our private certificate PEM file diff --git a/Annoy-o-Bot/GitHub/IGitHubApi.cs b/Annoy-o-Bot/GitHub/IGitHubApi.cs index 735f590..043754d 100644 --- a/Annoy-o-Bot/GitHub/IGitHubApi.cs +++ b/Annoy-o-Bot/GitHub/IGitHubApi.cs @@ -8,5 +8,4 @@ public interface IGitHubApi { Task GetInstallation(long installationId); Task GetRepository(long installationId, long repositoryId); - Task ValidateCallback(HttpRequest callbackRequest); } \ No newline at end of file From bb4f88a215d38d0360f59df1db96640aa8b01ea8 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Wed, 22 May 2024 22:51:31 +0200 Subject: [PATCH 05/15] move some more logic --- Annoy-o-Bot/CallbackHandler.cs | 19 +----------------- Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs | 6 ++++++ .../GitHub/Callbacks/GitHubCallbackRequest.cs | 20 ++++++++++++++++++- Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs | 13 ------------ 4 files changed, 26 insertions(+), 32 deletions(-) delete mode 100644 Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 0ab1fb2..9f88f98 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -31,7 +31,7 @@ public async Task Run( { var cosmosWrapper = new CosmosClientWrapper(cosmosContainer); - if (!IsGitCommitCallback(req)) + if (!GitHubCallbackRequest.IsGitCommitCallback(req, log)) { return new OkResult(); } @@ -143,23 +143,6 @@ await TryCreateCheckRun(githubClient, requestObject.Repository.Id, } } - bool IsGitCommitCallback(HttpRequest req) - { - if (!req.Headers.TryGetValue("X-GitHub-Event", out var callbackEvent) || callbackEvent != "push") - { - // Check for known callback types that we don't care - if (callbackEvent != "check_suite") // ignore check_suite events - { - // record unknown callback types to further analyze them - log.LogWarning($"Non-push callback. 'X-GitHub-Event': '{callbackEvent}'"); - } - - return false; - } - - return true; - } - async Task CreateNewReminder(CosmosClientWrapper cosmosWrapper, CallbackModel requestObject, ReminderDefinition reminderDefinition, string fileName, IGitHubRepository githubClient) { diff --git a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs index b74ed3d..5d7f14d 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs @@ -7,6 +7,12 @@ namespace Annoy_o_Bot.GitHub.Callbacks { public class CallbackModel { + public static CallbackModel FromJson(string json) + { + var requestObject = JsonConvert.DeserializeObject(json); + return requestObject; + } + public InstallationModel Installation { get; set; } public RepositoryModel Repository { get; set; } public CommitModel[] Commits { get; set; } diff --git a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs index 87b83e5..509c7a6 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs @@ -4,11 +4,29 @@ using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Logging; namespace Annoy_o_Bot.GitHub.Callbacks; public class GitHubCallbackRequest { + public static bool IsGitCommitCallback(HttpRequest callbackRequest, ILogger log) + { + if (!callbackRequest.Headers.TryGetValue("X-GitHub-Event", out var callbackEvent) || callbackEvent != "push") + { + // Check for known callback types that we don't care + if (callbackEvent != "check_suite") // ignore check_suite events + { + // record unknown callback types to further analyze them + log.LogWarning($"Non-push callback. 'X-GitHub-Event': '{callbackEvent}'"); + } + + return false; + } + + return true; + } + public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret) { if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) @@ -20,7 +38,7 @@ public static async Task Validate(HttpRequest callbackRequest, st await ValidateSignature(requestBody, gitHubSecret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); - return RequestParser.ParseJson(requestBody); + return CallbackModel.FromJson(requestBody); } public static async Task ValidateSignature(string signedText, string secret, string sha256Signature) diff --git a/Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs b/Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs deleted file mode 100644 index 048ad60..0000000 --- a/Annoy-o-Bot/GitHub/Callbacks/RequestParser.cs +++ /dev/null @@ -1,13 +0,0 @@ -using Newtonsoft.Json; - -namespace Annoy_o_Bot.GitHub.Callbacks -{ - public class RequestParser - { - public static CallbackModel ParseJson(string requestBody) - { - var requestObject = JsonConvert.DeserializeObject(requestBody); - return requestObject; - } - } -} \ No newline at end of file From a75592c50bfc2691c7a19777252bca4fb0d66d9b Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Tue, 13 Aug 2024 21:21:10 +0200 Subject: [PATCH 06/15] change test root namespace --- Annoy-o-Bot.Tests/Annoy-o-Bot.Tests.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Annoy-o-Bot.Tests/Annoy-o-Bot.Tests.csproj b/Annoy-o-Bot.Tests/Annoy-o-Bot.Tests.csproj index 488c0fd..c11f8a2 100644 --- a/Annoy-o-Bot.Tests/Annoy-o-Bot.Tests.csproj +++ b/Annoy-o-Bot.Tests/Annoy-o-Bot.Tests.csproj @@ -2,7 +2,7 @@ net8.0 - Annoy_o_Bot.Tests + Annoy_o_Bot false From f6c25cea077ef24f74dc3a363bced814eae2b600 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Tue, 13 Aug 2024 21:28:58 +0200 Subject: [PATCH 07/15] validate --- .../GitHub/Callbacks/CallbackModelTests.cs | 69 ++++++++++++++++++ Annoy-o-Bot.Tests/RequestParserTests.cs | 71 ------------------- Annoy-o-Bot/CallbackHandler.cs | 9 ++- Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs | 71 +++++++++---------- .../GitHub/Callbacks/GitHubCallbackRequest.cs | 36 ++++++---- 5 files changed, 126 insertions(+), 130 deletions(-) create mode 100644 Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs delete mode 100644 Annoy-o-Bot.Tests/RequestParserTests.cs diff --git a/Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs b/Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs new file mode 100644 index 0000000..9d04dbf --- /dev/null +++ b/Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs @@ -0,0 +1,69 @@ +using System.IO; +using Newtonsoft.Json; +using Xunit; + +namespace Annoy_o_Bot.GitHub.Callbacks; + +public class CallbackModelTests +{ + [Fact] + public void NewFileAdded() + { + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/fileAdded.json")); + + Assert.Equal("refs/heads/master", result.Ref); + + Assert.Equal(7498230L, result.Installation.Id); + + Assert.Equal(179716425L, result.Repository.Id); + Assert.Equal("master", result.Repository.DefaultBranch); + Assert.Equal("TitleTest", result.Repository.Name); + + var commit = Assert.Single(result.Commits); + Assert.Equal("ba7c6f17f5beaafc603eca52b864356848865fec", commit.Id); + var addedFile = Assert.Single(commit.Added); + Assert.Equal(".reminder/testReminder.json", addedFile); + Assert.Equal("Create trigger4.json", commit.Message); + + Assert.Equal("timbussmann", result.Pusher.Name); + } + + [Fact] + public void MultiCommit() + { + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/multiCommitFileHistory.json")); + + Assert.Equal(4, result.Commits.Length); + + Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[0].Added)); + Assert.Empty(result.Commits[0].Modified); + Assert.Empty(result.Commits[0].Removed); + Assert.Equal("Create newFile.json", result.Commits[0].Message); + + Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[1].Modified)); + Assert.Empty(result.Commits[1].Added); + Assert.Empty(result.Commits[1].Removed); + Assert.Equal("Update newFile.json", result.Commits[1].Message); + + Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[2].Removed)); + Assert.Empty(result.Commits[2].Added); + Assert.Empty(result.Commits[2].Modified); + Assert.Equal("Delete newFile.json", result.Commits[2].Message); + + Assert.Empty(result.Commits[3].Added); + Assert.Empty(result.Commits[3].Modified); + Assert.Empty(result.Commits[3].Removed); + Assert.Equal("Merge pull request #15 from timbussmann/file-ops-history\n\nCreate newFile.json", result.Commits[3].Message); + + Assert.Equal("cb1ec97f51657c2718ab4e0b1d0bf2656aeb3127", result.HeadCommit.Id); + } + + [Fact] + public void BranchDeleted() + { + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/branchDeleted.json")); + + Assert.Null(result.HeadCommit); + Assert.Empty(result.Commits); + } +} \ No newline at end of file diff --git a/Annoy-o-Bot.Tests/RequestParserTests.cs b/Annoy-o-Bot.Tests/RequestParserTests.cs deleted file mode 100644 index 96d6afb..0000000 --- a/Annoy-o-Bot.Tests/RequestParserTests.cs +++ /dev/null @@ -1,71 +0,0 @@ -using System.IO; -using Annoy_o_Bot.GitHub; -using Annoy_o_Bot.GitHub.Callbacks; -using Xunit; - -namespace Annoy_o_Bot.Tests -{ - public class RequestParserTests - { - [Fact] - public void NewFileAdded() - { - var result = RequestParser.ParseJson(File.ReadAllText("requests/fileAdded.json")); - - Assert.Equal("refs/heads/master", result.Ref); - - Assert.Equal(7498230L, result.Installation.Id); - - Assert.Equal(179716425L, result.Repository.Id); - Assert.Equal("master", result.Repository.DefaultBranch); - Assert.Equal("TitleTest", result.Repository.Name); - - var commit = Assert.Single(result.Commits); - Assert.Equal("ba7c6f17f5beaafc603eca52b864356848865fec", commit.Id); - var addedFile = Assert.Single(commit.Added); - Assert.Equal(".reminder/testReminder.json", addedFile); - Assert.Equal("Create trigger4.json", commit.Message); - - Assert.Equal("timbussmann", result.Pusher.Name); - } - - [Fact] - public void MultiCommit() - { - var result = RequestParser.ParseJson(File.ReadAllText("requests/multiCommitFileHistory.json")); - - Assert.Equal(4, result.Commits.Length); - - Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[0].Added)); - Assert.Empty(result.Commits[0].Modified); - Assert.Empty(result.Commits[0].Removed); - Assert.Equal("Create newFile.json", result.Commits[0].Message); - - Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[1].Modified)); - Assert.Empty(result.Commits[1].Added); - Assert.Empty(result.Commits[1].Removed); - Assert.Equal("Update newFile.json", result.Commits[1].Message); - - Assert.Equal(".reminder/newFile.json", Assert.Single(result.Commits[2].Removed)); - Assert.Empty(result.Commits[2].Added); - Assert.Empty(result.Commits[2].Modified); - Assert.Equal("Delete newFile.json", result.Commits[2].Message); - - Assert.Empty(result.Commits[3].Added); - Assert.Empty(result.Commits[3].Modified); - Assert.Empty(result.Commits[3].Removed); - Assert.Equal("Merge pull request #15 from timbussmann/file-ops-history\n\nCreate newFile.json", result.Commits[3].Message); - - Assert.Equal("cb1ec97f51657c2718ab4e0b1d0bf2656aeb3127", result.HeadCommit.Id); - } - - [Fact] - public void BranchDeleted() - { - var result = RequestParser.ParseJson(File.ReadAllText("requests/branchDeleted.json")); - - Assert.Null(result.HeadCommit); - Assert.Empty(result.Commits); - } - } -} \ No newline at end of file diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 9f88f98..581a2f1 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -31,15 +31,14 @@ public async Task Run( { var cosmosWrapper = new CosmosClientWrapper(cosmosContainer); - if (!GitHubCallbackRequest.IsGitCommitCallback(req, log)) + var secret = configuration.GetValue("WebhookSecret") ?? + throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); + var commitModel = await GitHubCallbackRequest.Validate(req, secret, log); + if (commitModel == null) { return new OkResult(); } - var secret = configuration.GetValue("WebhookSecret") ?? - throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); - var commitModel = await GitHubCallbackRequest.Validate(req, secret); - if (commitModel.HeadCommit == null) { // no commits on push (e.g. branch delete) diff --git a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs index 5d7f14d..b03f642 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs @@ -3,51 +3,44 @@ using System; using Newtonsoft.Json; -namespace Annoy_o_Bot.GitHub.Callbacks +namespace Annoy_o_Bot.GitHub.Callbacks; + +public class CallbackModel { - public class CallbackModel - { - public static CallbackModel FromJson(string json) - { - var requestObject = JsonConvert.DeserializeObject(json); - return requestObject; - } - - public InstallationModel Installation { get; set; } - public RepositoryModel Repository { get; set; } - public CommitModel[] Commits { get; set; } - public string Ref { get; set; } + public InstallationModel Installation { get; set; } + public RepositoryModel Repository { get; set; } + public CommitModel[] Commits { get; set; } + public string Ref { get; set; } - [JsonProperty("head_commit")] - public CommitModel HeadCommit { get; set; } - public PusherModel Pusher { get; set; } + [JsonProperty("head_commit")] + public CommitModel HeadCommit { get; set; } + public PusherModel Pusher { get; set; } - public class CommitModel - { - public string Id { get; set; } - public string Message { get; set; } - public string[] Added { get; set; } = Array.Empty(); - public string[] Modified { get; set; } = Array.Empty(); - public string[] Removed { get; set; } = Array.Empty(); - } + public class CommitModel + { + public string Id { get; set; } + public string Message { get; set; } + public string[] Added { get; set; } = Array.Empty(); + public string[] Modified { get; set; } = Array.Empty(); + public string[] Removed { get; set; } = Array.Empty(); + } - public class InstallationModel - { - public long Id { get; set; } - } + public class InstallationModel + { + public long Id { get; set; } + } - public class RepositoryModel - { - public long Id { get; set; } + public class RepositoryModel + { + public long Id { get; set; } - [JsonProperty("default_branch")] - public string DefaultBranch { get; set; } - public string Name { get; set; } - } + [JsonProperty("default_branch")] + public string DefaultBranch { get; set; } + public string Name { get; set; } + } - public class PusherModel - { - public string Name { get; set; } - } + public class PusherModel + { + public string Name { get; set; } } } \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs index 509c7a6..895c210 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs @@ -5,12 +5,32 @@ using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; +using Newtonsoft.Json; namespace Annoy_o_Bot.GitHub.Callbacks; public class GitHubCallbackRequest { - public static bool IsGitCommitCallback(HttpRequest callbackRequest, ILogger log) + public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret, ILogger log) + { + if (!IsGitCommitCallback(callbackRequest, log)) + { + return null; + } + + if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) + { + throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); + } + + var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); + + await ValidateSignature(requestBody, gitHubSecret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); + + return JsonConvert.DeserializeObject(requestBody); + } + + static bool IsGitCommitCallback(HttpRequest callbackRequest, ILogger log) { if (!callbackRequest.Headers.TryGetValue("X-GitHub-Event", out var callbackEvent) || callbackEvent != "push") { @@ -26,21 +46,7 @@ public static bool IsGitCommitCallback(HttpRequest callbackRequest, ILogger log) return true; } - - public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret) - { - if (!callbackRequest.Headers.TryGetValue("X-Hub-Signature-256", out var sha256SignatureHeaderValue)) - { - throw new Exception("Incoming callback request does not contain a 'X-Hub-Signature-256' header"); - } - - var requestBody = await new StreamReader(callbackRequest.Body).ReadToEndAsync(); - - await ValidateSignature(requestBody, gitHubSecret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); - return CallbackModel.FromJson(requestBody); - } - public static async Task ValidateSignature(string signedText, string secret, string sha256Signature) { var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); From 2ef3236353ef105a2cd229a4548dcd4e03236a61 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Tue, 13 Aug 2024 21:33:38 +0200 Subject: [PATCH 08/15] rename callback model --- Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs | 4 +-- .../Fakes/CallbackModelHelper.cs | 4 +-- .../Fakes/RepoHelperExtensions.cs | 10 +++--- .../When_updating_reminder_not_stored.cs | 2 +- ...hen_updating_reminder_on_default_branch.cs | 2 +- Annoy-o-Bot.Tests/FileChangesTests.cs | 34 +++++++++---------- ...lTests.cs => GitPushCallbackModelTests.cs} | 8 ++--- Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs | 2 +- .../Callbacks/CallbackModelExtensions.cs | 4 +-- Annoy-o-Bot/GitHub/CommitParser.cs | 2 +- 10 files changed, 36 insertions(+), 36 deletions(-) rename Annoy-o-Bot.Tests/GitHub/Callbacks/{CallbackModelTests.cs => GitPushCallbackModelTests.cs} (84%) diff --git a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs index 17482de..194ba0a 100644 --- a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs +++ b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs @@ -68,11 +68,11 @@ protected async Task CreateDueReminders(IGitHubApi gitHubApi) await timeoutHandler.Run(null!, reminders, container); } - protected static HttpRequest CreateCallbackHttpRequest(CallbackModel callback) + protected static HttpRequest CreateCallbackHttpRequest(GitPushCallbackModel gitPushCallback) { var httpContext = new DefaultHttpContext(); var request = httpContext.Request; - var messageContent = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(callback, Formatting.None)); + var messageContent = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(gitPushCallback, Formatting.None)); request.Body = new MemoryStream(messageContent); request.Headers.Add("X-GitHub-Event", "push"); request.Headers.Add("X-Hub-Signature-256", diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs index c35ee99..91baee5 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/CallbackModelHelper.cs @@ -4,9 +4,9 @@ namespace Annoy_o_Bot.AcceptanceTests.Fakes; class CallbackModelHelper { - public static CallbackModel.CommitModel CreateCommitModel(string? added = null, string? modified = null, string? removed = null) + public static GitPushCallbackModel.CommitModel CreateCommitModel(string? added = null, string? modified = null, string? removed = null) { - var commit = new CallbackModel.CommitModel + var commit = new GitPushCallbackModel.CommitModel { Id = Guid.NewGuid().ToString(), Added = added != null ? new[] { added } : Array.Empty(), diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs index 15ed2b4..d5ada79 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs @@ -8,7 +8,7 @@ static class RepoHelperExtensions { private const string DefaultBranch = "main"; - public static CallbackModel CommitNewReminder(this FakeGitHubRepository repo, ReminderDefinition reminderDefinition, + public static GitPushCallbackModel CommitNewReminder(this FakeGitHubRepository repo, ReminderDefinition reminderDefinition, string? branch = null) { var filename = Guid.NewGuid().ToString("N"); @@ -19,13 +19,13 @@ public static CallbackModel CommitNewReminder(this FakeGitHubRepository repo, Re return repo.Commit(commit, branch); } - public static CallbackModel Commit(this FakeGitHubRepository repo, CallbackModel.CommitModel commit, + public static GitPushCallbackModel Commit(this FakeGitHubRepository repo, GitPushCallbackModel.CommitModel commit, string? branch = null) { - return new CallbackModel + return new GitPushCallbackModel { - Installation = new CallbackModel.InstallationModel() { Id = repo.InstallationId }, - Repository = new CallbackModel.RepositoryModel() { Id = repo.RepositoryId, DefaultBranch = DefaultBranch }, + Installation = new GitPushCallbackModel.InstallationModel() { Id = repo.InstallationId }, + Repository = new GitPushCallbackModel.RepositoryModel() { Id = repo.RepositoryId, DefaultBranch = DefaultBranch }, Ref = $"refs/heads/{branch ?? DefaultBranch}", HeadCommit = commit, Commits = new []{ commit } diff --git a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs index b62a270..d3f8987 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_not_stored.cs @@ -25,7 +25,7 @@ public async Task Should_create_reminder_in_database() }; var createCallback = appInstallation.CommitNewReminder(updatedReminder); - var updateCommit = new CallbackModel.CommitModel + var updateCommit = new GitPushCallbackModel.CommitModel { Id = Guid.NewGuid().ToString(), Modified = diff --git a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs index bede653..476ac4f 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs @@ -38,7 +38,7 @@ public async Task Should_update_reminder_in_database() }; appInstallation.AddFileContent(createCallback.Commits[0].Added[0], JsonSerializer.Serialize(updatedReminder)); - var updateCommit = new CallbackModel.CommitModel + var updateCommit = new GitPushCallbackModel.CommitModel { Id = Guid.NewGuid().ToString(), Modified = new[] diff --git a/Annoy-o-Bot.Tests/FileChangesTests.cs b/Annoy-o-Bot.Tests/FileChangesTests.cs index 2f8a3b0..db8f080 100644 --- a/Annoy-o-Bot.Tests/FileChangesTests.cs +++ b/Annoy-o-Bot.Tests/FileChangesTests.cs @@ -10,7 +10,7 @@ public class FileChangesTests [Fact] public void Should_return_empty_changes_when_no_commits() { - var result = CommitParser.GetChanges(new CallbackModel.CommitModel[0]); + var result = CommitParser.GetChanges(new GitPushCallbackModel.CommitModel[0]); Assert.Empty(result.New); Assert.Empty(result.Deleted); @@ -22,19 +22,19 @@ public void Should_aggregate_changes_from_all_commits() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new []{ "a1" }, Modified = new []{ "m1" }, Removed = new [] { "r1"} }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new []{ "a2" }, Modified = new []{ "m2" }, Removed = new [] { "r2"} }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new []{ "a3" }, Modified = new []{ "m3" }, @@ -60,11 +60,11 @@ public void Should_handle_multiple_updates() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new [] { "file1"} } @@ -81,11 +81,11 @@ public void Should_handle_update_delete() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Removed = new [] { "file1"} } @@ -103,15 +103,15 @@ public void Should_handle_new_delete() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Removed = new [] { "file1"} } @@ -130,15 +130,15 @@ public void Should_handle_new_update() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new [] { "file1"} } @@ -157,15 +157,15 @@ public void Should_handle_delete_new() { var commitModel = new[] { - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Modified = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Removed = new []{ "file1" }, }, - new CallbackModel.CommitModel + new GitPushCallbackModel.CommitModel { Added = new [] { "file1"} } diff --git a/Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs b/Annoy-o-Bot.Tests/GitHub/Callbacks/GitPushCallbackModelTests.cs similarity index 84% rename from Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs rename to Annoy-o-Bot.Tests/GitHub/Callbacks/GitPushCallbackModelTests.cs index 9d04dbf..90c1e1b 100644 --- a/Annoy-o-Bot.Tests/GitHub/Callbacks/CallbackModelTests.cs +++ b/Annoy-o-Bot.Tests/GitHub/Callbacks/GitPushCallbackModelTests.cs @@ -4,12 +4,12 @@ namespace Annoy_o_Bot.GitHub.Callbacks; -public class CallbackModelTests +public class GitPushCallbackModelTests { [Fact] public void NewFileAdded() { - var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/fileAdded.json")); + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/fileAdded.json")); Assert.Equal("refs/heads/master", result.Ref); @@ -31,7 +31,7 @@ public void NewFileAdded() [Fact] public void MultiCommit() { - var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/multiCommitFileHistory.json")); + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/multiCommitFileHistory.json")); Assert.Equal(4, result.Commits.Length); @@ -61,7 +61,7 @@ public void MultiCommit() [Fact] public void BranchDeleted() { - var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/branchDeleted.json")); + var result = JsonConvert.DeserializeObject(File.ReadAllText("requests/branchDeleted.json")); Assert.Null(result.HeadCommit); Assert.Empty(result.Commits); diff --git a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs index b03f642..22bb6d1 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModel.cs @@ -5,7 +5,7 @@ namespace Annoy_o_Bot.GitHub.Callbacks; -public class CallbackModel +public class GitPushCallbackModel { public InstallationModel Installation { get; set; } public RepositoryModel Repository { get; set; } diff --git a/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs b/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs index a010777..1ce9e9c 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CallbackModelExtensions.cs @@ -2,8 +2,8 @@ namespace Annoy_o_Bot.GitHub.Callbacks; public static class CallbackModelExtensions { - public static bool IsDefaultBranch(this CallbackModel callbackModel) + public static bool IsDefaultBranch(this GitPushCallbackModel gitPushCallbackModel) { - return callbackModel.Ref.EndsWith($"/{callbackModel.Repository.DefaultBranch}"); + return gitPushCallbackModel.Ref.EndsWith($"/{gitPushCallbackModel.Repository.DefaultBranch}"); } } \ No newline at end of file diff --git a/Annoy-o-Bot/GitHub/CommitParser.cs b/Annoy-o-Bot/GitHub/CommitParser.cs index c814f82..42cc5e5 100644 --- a/Annoy-o-Bot/GitHub/CommitParser.cs +++ b/Annoy-o-Bot/GitHub/CommitParser.cs @@ -12,7 +12,7 @@ public class FileChanges public class CommitParser { - public static FileChanges GetChanges(CallbackModel.CommitModel[] commits) + public static FileChanges GetChanges(GitPushCallbackModel.CommitModel[] commits) { var changes = new FileChanges(); From 9653343030bc60fba844071b31f1d55ff125c37b Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Tue, 13 Aug 2024 21:35:36 +0200 Subject: [PATCH 09/15] simplify check --- .../Parser/JsonReminderParserTests.cs | 2 -- Annoy-o-Bot/CallbackHandler.cs | 16 ++++++---------- .../GitHub/Callbacks/GitHubCallbackRequest.cs | 4 ++-- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/Annoy-o-Bot.Tests/Parser/JsonReminderParserTests.cs b/Annoy-o-Bot.Tests/Parser/JsonReminderParserTests.cs index 3561f75..f1b4614 100644 --- a/Annoy-o-Bot.Tests/Parser/JsonReminderParserTests.cs +++ b/Annoy-o-Bot.Tests/Parser/JsonReminderParserTests.cs @@ -1,8 +1,6 @@ using System; using Annoy_o_Bot.Parser; using Newtonsoft.Json; -using Newtonsoft.Json.Converters; -using Newtonsoft.Json.Serialization; using Xunit; namespace Annoy_o_Bot.Tests.Parser diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 581a2f1..b1572eb 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -34,12 +34,8 @@ public async Task Run( var secret = configuration.GetValue("WebhookSecret") ?? throw new Exception("Missing 'WebhookSecret' setting to validate GitHub callbacks."); var commitModel = await GitHubCallbackRequest.Validate(req, secret, log); - if (commitModel == null) - { - return new OkResult(); - } - if (commitModel.HeadCommit == null) + if (commitModel?.HeadCommit == null) { // no commits on push (e.g. branch delete) return new OkResult(); @@ -71,7 +67,7 @@ public async Task Run( return new OkResult(); } - async Task ApplyReminderDefinitions(FileChanges reminderChanges, CallbackModel requestObject, + async Task ApplyReminderDefinitions(FileChanges reminderChanges, GitPushCallbackModel requestObject, IGitHubRepository githubClient, CosmosClientWrapper cosmosWrapper, FileChanges fileChanges) { var newReminders = await LoadReminders(reminderChanges.New, requestObject, githubClient); @@ -108,7 +104,7 @@ await githubClient.CreateComment(requestObject.HeadCommit.Id, await DeleteRemovedReminders(fileChanges.Deleted, cosmosWrapper, requestObject, githubClient); } - async Task ValidateReminderDefinitions(FileChanges reminderChanges, CallbackModel requestObject, + async Task ValidateReminderDefinitions(FileChanges reminderChanges, GitPushCallbackModel requestObject, IGitHubRepository githubClient) { List<(string, ReminderDefinition)> newReminders; @@ -142,7 +138,7 @@ await TryCreateCheckRun(githubClient, requestObject.Repository.Id, } } - async Task CreateNewReminder(CosmosClientWrapper cosmosWrapper, CallbackModel requestObject, ReminderDefinition reminderDefinition, string fileName, + async Task CreateNewReminder(CosmosClientWrapper cosmosWrapper, GitPushCallbackModel requestObject, ReminderDefinition reminderDefinition, string fileName, IGitHubRepository githubClient) { var reminderDocument = ReminderDocument.New( @@ -169,7 +165,7 @@ private static async Task TryCreateCheckRun(IGitHubRepository installationClient } } - static async Task> LoadReminders(ICollection filePaths, CallbackModel requestObject, IGitHubRepository installationClient) + static async Task> LoadReminders(ICollection filePaths, GitPushCallbackModel requestObject, IGitHubRepository installationClient) { var results = new List<(string, ReminderDefinition)>(filePaths.Count); // potentially lower but never higher than number of files foreach (var filePath in filePaths) @@ -189,7 +185,7 @@ private static async Task TryCreateCheckRun(IGitHubRepository installationClient return results; } - async Task DeleteRemovedReminders(ICollection deletedFiles, CosmosClientWrapper cosmosWrapper, CallbackModel requestObject, IGitHubRepository client) + async Task DeleteRemovedReminders(ICollection deletedFiles, CosmosClientWrapper cosmosWrapper, GitPushCallbackModel requestObject, IGitHubRepository client) { foreach (var deletedReminder in deletedFiles) { diff --git a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs index 895c210..d0e6bc5 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs @@ -11,7 +11,7 @@ namespace Annoy_o_Bot.GitHub.Callbacks; public class GitHubCallbackRequest { - public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret, ILogger log) + public static async Task Validate(HttpRequest callbackRequest, string gitHubSecret, ILogger log) { if (!IsGitCommitCallback(callbackRequest, log)) { @@ -27,7 +27,7 @@ public class GitHubCallbackRequest await ValidateSignature(requestBody, gitHubSecret, sha256SignatureHeaderValue.ToString().Replace("sha256=", "")); - return JsonConvert.DeserializeObject(requestBody); + return JsonConvert.DeserializeObject(requestBody); } static bool IsGitCommitCallback(HttpRequest callbackRequest, ILogger log) From de12b654b60a165b8fddd554422c1683f1662d39 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Tue, 13 Aug 2024 21:41:03 +0200 Subject: [PATCH 10/15] namespace cleanups --- Annoy-o-Bot.Tests/FileChangesTests.cs | 9 ++++----- Annoy-o-Bot/GitHub/GitHubApi.cs | 5 ----- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/Annoy-o-Bot.Tests/FileChangesTests.cs b/Annoy-o-Bot.Tests/FileChangesTests.cs index db8f080..4080fbf 100644 --- a/Annoy-o-Bot.Tests/FileChangesTests.cs +++ b/Annoy-o-Bot.Tests/FileChangesTests.cs @@ -1,10 +1,9 @@ -using Annoy_o_Bot.GitHub.Callbacks; +using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; +using Xunit; -namespace Annoy_o_Bot.Tests +namespace Annoy_o_Bot { - using Annoy_o_Bot.GitHub; - using Xunit; - public class FileChangesTests { [Fact] diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/GitHubApi.cs index 590ea09..02884de 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/GitHubApi.cs @@ -1,11 +1,6 @@ using System; -using System.IO; -using System.Security.Cryptography; -using System.Text; using System.Threading.Tasks; -using Annoy_o_Bot.GitHub.Callbacks; using GitHubJwt; -using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Octokit; From dbe98825c3ab6393f8e77e91b3018d455a9b07eb Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Sun, 1 Dec 2024 22:34:30 +0100 Subject: [PATCH 11/15] split github implementations by http api and request callback --- Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs | 2 +- Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs | 4 +--- .../Fakes/FakeGitHubInstallation.cs | 2 +- .../Fakes/FakeGitHubRepository.cs | 2 +- .../Fakes/RepoHelperExtensions.cs | 1 - .../When_callback_type_not_push.cs | 1 - .../When_deleting_reminder_on_default_branch.cs | 4 +--- .../When_detecting_missing_reminder.cs | 1 - .../When_updating_reminder_on_default_branch.cs | 1 - Annoy-o-Bot.Tests/FileChangesTests.cs | 3 +-- Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs | 2 +- Annoy-o-Bot.Tests/GitHub/IssueMappingTests.cs | 2 +- Annoy-o-Bot.Tests/ReminderFilterTests.cs | 2 +- Annoy-o-Bot/CallbackHandler.cs | 9 ++++----- Annoy-o-Bot/CosmosDB/ICosmosClientWrapper.cs | 1 - Annoy-o-Bot/DetectMissingReminders.cs | 2 +- Annoy-o-Bot/GitHub/{ => Api}/GitHubApi.cs | 2 +- Annoy-o-Bot/GitHub/{ => Api}/GitHubInstallation.cs | 2 +- Annoy-o-Bot/GitHub/{ => Api}/GitHubRepository.cs | 5 ++--- Annoy-o-Bot/GitHub/{ => Api}/IGitHubApi.cs | 4 +--- Annoy-o-Bot/GitHub/{ => Api}/IGitHubInstallation.cs | 2 +- Annoy-o-Bot/GitHub/{ => Api}/IGitHubRepository.cs | 2 +- .../GitHub/{ => Api}/ReminderMappingExtensions.cs | 6 +++--- Annoy-o-Bot/GitHub/{ => Callbacks}/CommitParser.cs | 9 ++++----- Annoy-o-Bot/Program.cs | 2 +- Annoy-o-Bot/ReminderFilter.cs | 2 +- Annoy-o-Bot/TimeoutFunction.cs | 2 +- 27 files changed, 31 insertions(+), 46 deletions(-) rename Annoy-o-Bot/GitHub/{ => Api}/GitHubApi.cs (98%) rename Annoy-o-Bot/GitHub/{ => Api}/GitHubInstallation.cs (95%) rename Annoy-o-Bot/GitHub/{ => Api}/GitHubRepository.cs (96%) rename Annoy-o-Bot/GitHub/{ => Api}/IGitHubApi.cs (68%) rename Annoy-o-Bot/GitHub/{ => Api}/IGitHubInstallation.cs (80%) rename Annoy-o-Bot/GitHub/{ => Api}/IGitHubRepository.cs (92%) rename Annoy-o-Bot/GitHub/{ => Api}/ReminderMappingExtensions.cs (91%) rename Annoy-o-Bot/GitHub/{ => Callbacks}/CommitParser.cs (82%) diff --git a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs index 709f5c3..94bd1a7 100644 --- a/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs +++ b/Annoy-o-Bot.AcceptanceTests/AcceptanceTest.cs @@ -1,7 +1,7 @@ using System.Security.Cryptography; using System.Text; using Annoy_o_Bot.CosmosDB; -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.AspNetCore.Http; using Microsoft.Azure.Cosmos; diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs index aef32cb..da41df1 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubApi.cs @@ -1,6 +1,4 @@ -using Annoy_o_Bot.GitHub; -using Annoy_o_Bot.GitHub.Callbacks; -using Microsoft.AspNetCore.Http; +using Annoy_o_Bot.GitHub.Api; namespace Annoy_o_Bot.AcceptanceTests.Fakes; diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubInstallation.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubInstallation.cs index 6fda632..89f3fa9 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubInstallation.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubInstallation.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; namespace Annoy_o_Bot.AcceptanceTests.Fakes; diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubRepository.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubRepository.cs index d985caa..a801a11 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubRepository.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/FakeGitHubRepository.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Octokit; namespace Annoy_o_Bot.AcceptanceTests.Fakes; diff --git a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs index d5ada79..7787e63 100644 --- a/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs +++ b/Annoy-o-Bot.AcceptanceTests/Fakes/RepoHelperExtensions.cs @@ -1,6 +1,5 @@ using Annoy_o_Bot.GitHub.Callbacks; using Newtonsoft.Json; -using Octokit; namespace Annoy_o_Bot.AcceptanceTests.Fakes; diff --git a/Annoy-o-Bot.AcceptanceTests/When_callback_type_not_push.cs b/Annoy-o-Bot.AcceptanceTests/When_callback_type_not_push.cs index 8b6c723..c979abd 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_callback_type_not_push.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_callback_type_not_push.cs @@ -1,5 +1,4 @@ using Annoy_o_Bot.AcceptanceTests.Fakes; -using Annoy_o_Bot.GitHub; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging.Abstractions; using Xunit; diff --git a/Annoy-o-Bot.AcceptanceTests/When_deleting_reminder_on_default_branch.cs b/Annoy-o-Bot.AcceptanceTests/When_deleting_reminder_on_default_branch.cs index 4d091af..7dd25fb 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_deleting_reminder_on_default_branch.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_deleting_reminder_on_default_branch.cs @@ -1,6 +1,4 @@ -using System.Text.Json; -using Annoy_o_Bot.AcceptanceTests.Fakes; -using Annoy_o_Bot.CosmosDB; +using Annoy_o_Bot.AcceptanceTests.Fakes; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging.Abstractions; using Xunit; diff --git a/Annoy-o-Bot.AcceptanceTests/When_detecting_missing_reminder.cs b/Annoy-o-Bot.AcceptanceTests/When_detecting_missing_reminder.cs index 64fac97..09795ec 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_detecting_missing_reminder.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_detecting_missing_reminder.cs @@ -1,6 +1,5 @@ using Annoy_o_Bot.AcceptanceTests.Fakes; using Annoy_o_Bot.CosmosDB; -using Annoy_o_Bot.CosmosDB.Tests; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging.Abstractions; using Xunit; diff --git a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs index 476ac4f..cbbbfc6 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_updating_reminder_on_default_branch.cs @@ -1,6 +1,5 @@ using System.Text.Json; using Annoy_o_Bot.AcceptanceTests.Fakes; -using Annoy_o_Bot.CosmosDB; using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging.Abstractions; diff --git a/Annoy-o-Bot.Tests/FileChangesTests.cs b/Annoy-o-Bot.Tests/FileChangesTests.cs index 4080fbf..7f14438 100644 --- a/Annoy-o-Bot.Tests/FileChangesTests.cs +++ b/Annoy-o-Bot.Tests/FileChangesTests.cs @@ -1,5 +1,4 @@ -using Annoy_o_Bot.GitHub; -using Annoy_o_Bot.GitHub.Callbacks; +using Annoy_o_Bot.GitHub.Callbacks; using Xunit; namespace Annoy_o_Bot diff --git a/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs index ca39586..148c00f 100644 --- a/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs +++ b/Annoy-o-Bot.Tests/GitHub/GitHubHelperTests.cs @@ -2,7 +2,7 @@ using System; using System.Threading.Tasks; using Xunit; -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Annoy_o_Bot.GitHub.Callbacks; namespace Annoy_o_Bot.Tests diff --git a/Annoy-o-Bot.Tests/GitHub/IssueMappingTests.cs b/Annoy-o-Bot.Tests/GitHub/IssueMappingTests.cs index 2627b36..ca069cc 100644 --- a/Annoy-o-Bot.Tests/GitHub/IssueMappingTests.cs +++ b/Annoy-o-Bot.Tests/GitHub/IssueMappingTests.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Xunit; namespace Annoy_o_Bot.Tests.GitHub; diff --git a/Annoy-o-Bot.Tests/ReminderFilterTests.cs b/Annoy-o-Bot.Tests/ReminderFilterTests.cs index 848eb87..97ae2b9 100644 --- a/Annoy-o-Bot.Tests/ReminderFilterTests.cs +++ b/Annoy-o-Bot.Tests/ReminderFilterTests.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; namespace Annoy_o_Bot.Tests { diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index b1572eb..8897e9c 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using System.IO; using System.Linq; using System.Threading.Tasks; using Annoy_o_Bot.CosmosDB; @@ -9,7 +8,7 @@ using Microsoft.Extensions.Logging; using Octokit; using Annoy_o_Bot.Parser; -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Annoy_o_Bot.GitHub.Callbacks; using Microsoft.Azure.Cosmos; using Microsoft.Extensions.Configuration; @@ -51,17 +50,17 @@ public async Task Run( commitsToConsider = [commitsToConsider.Last()]; } - var githubClient = await gitHubApi.GetRepository(commitModel.Installation.Id, commitModel.Repository.Id); + var githubRepository = await gitHubApi.GetRepository(commitModel.Installation.Id, commitModel.Repository.Id); var fileChanges = CommitParser.GetChanges(commitsToConsider); var reminderChanges = ReminderFilter.FilterReminders(fileChanges); if (commitModel.IsDefaultBranch()) { - await ApplyReminderDefinitions(reminderChanges, commitModel, githubClient, cosmosWrapper, fileChanges); + await ApplyReminderDefinitions(reminderChanges, commitModel, githubRepository, cosmosWrapper, fileChanges); } else { - await ValidateReminderDefinitions(reminderChanges, commitModel, githubClient); + await ValidateReminderDefinitions(reminderChanges, commitModel, githubRepository); } return new OkResult(); diff --git a/Annoy-o-Bot/CosmosDB/ICosmosClientWrapper.cs b/Annoy-o-Bot/CosmosDB/ICosmosClientWrapper.cs index 2ef0dd8..46ca3e6 100644 --- a/Annoy-o-Bot/CosmosDB/ICosmosClientWrapper.cs +++ b/Annoy-o-Bot/CosmosDB/ICosmosClientWrapper.cs @@ -1,7 +1,6 @@  using System.Collections.Generic; using System.Threading.Tasks; -using Microsoft.Azure.Cosmos; namespace Annoy_o_Bot.CosmosDB; diff --git a/Annoy-o-Bot/DetectMissingReminders.cs b/Annoy-o-Bot/DetectMissingReminders.cs index 13f1bf1..25930d9 100644 --- a/Annoy-o-Bot/DetectMissingReminders.cs +++ b/Annoy-o-Bot/DetectMissingReminders.cs @@ -2,7 +2,7 @@ using System.Linq; using System.Threading.Tasks; using Annoy_o_Bot.CosmosDB; -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Annoy_o_Bot.Parser; using Microsoft.AspNetCore.Http; using Microsoft.Azure.Cosmos; diff --git a/Annoy-o-Bot/GitHub/GitHubApi.cs b/Annoy-o-Bot/GitHub/Api/GitHubApi.cs similarity index 98% rename from Annoy-o-Bot/GitHub/GitHubApi.cs rename to Annoy-o-Bot/GitHub/Api/GitHubApi.cs index 02884de..0e2efd8 100644 --- a/Annoy-o-Bot/GitHub/GitHubApi.cs +++ b/Annoy-o-Bot/GitHub/Api/GitHubApi.cs @@ -4,7 +4,7 @@ using Microsoft.Extensions.Logging; using Octokit; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public class GitHubApi : IGitHubApi { diff --git a/Annoy-o-Bot/GitHub/GitHubInstallation.cs b/Annoy-o-Bot/GitHub/Api/GitHubInstallation.cs similarity index 95% rename from Annoy-o-Bot/GitHub/GitHubInstallation.cs rename to Annoy-o-Bot/GitHub/Api/GitHubInstallation.cs index 45e4d85..08268df 100644 --- a/Annoy-o-Bot/GitHub/GitHubInstallation.cs +++ b/Annoy-o-Bot/GitHub/Api/GitHubInstallation.cs @@ -2,7 +2,7 @@ using Microsoft.Extensions.Logging; using Octokit; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; class GitHubInstallation : IGitHubInstallation { diff --git a/Annoy-o-Bot/GitHub/GitHubRepository.cs b/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs similarity index 96% rename from Annoy-o-Bot/GitHub/GitHubRepository.cs rename to Annoy-o-Bot/GitHub/Api/GitHubRepository.cs index a375c08..546d72e 100644 --- a/Annoy-o-Bot/GitHub/GitHubRepository.cs +++ b/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs @@ -1,11 +1,10 @@ -using System; -using System.Collections.Generic; +using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.Extensions.Logging; using Octokit; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public class GitHubRepository : IGitHubRepository { diff --git a/Annoy-o-Bot/GitHub/IGitHubApi.cs b/Annoy-o-Bot/GitHub/Api/IGitHubApi.cs similarity index 68% rename from Annoy-o-Bot/GitHub/IGitHubApi.cs rename to Annoy-o-Bot/GitHub/Api/IGitHubApi.cs index 043754d..8c9208b 100644 --- a/Annoy-o-Bot/GitHub/IGitHubApi.cs +++ b/Annoy-o-Bot/GitHub/Api/IGitHubApi.cs @@ -1,8 +1,6 @@ using System.Threading.Tasks; -using Annoy_o_Bot.GitHub.Callbacks; -using Microsoft.AspNetCore.Http; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public interface IGitHubApi { diff --git a/Annoy-o-Bot/GitHub/IGitHubInstallation.cs b/Annoy-o-Bot/GitHub/Api/IGitHubInstallation.cs similarity index 80% rename from Annoy-o-Bot/GitHub/IGitHubInstallation.cs rename to Annoy-o-Bot/GitHub/Api/IGitHubInstallation.cs index b990cc0..6a8bbd1 100644 --- a/Annoy-o-Bot/GitHub/IGitHubInstallation.cs +++ b/Annoy-o-Bot/GitHub/Api/IGitHubInstallation.cs @@ -1,6 +1,6 @@ using System.Threading.Tasks; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public interface IGitHubInstallation { diff --git a/Annoy-o-Bot/GitHub/IGitHubRepository.cs b/Annoy-o-Bot/GitHub/Api/IGitHubRepository.cs similarity index 92% rename from Annoy-o-Bot/GitHub/IGitHubRepository.cs rename to Annoy-o-Bot/GitHub/Api/IGitHubRepository.cs index 314398a..7f0979c 100644 --- a/Annoy-o-Bot/GitHub/IGitHubRepository.cs +++ b/Annoy-o-Bot/GitHub/Api/IGitHubRepository.cs @@ -2,7 +2,7 @@ using System.Threading.Tasks; using Octokit; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public interface IGitHubRepository { diff --git a/Annoy-o-Bot/GitHub/ReminderMappingExtensions.cs b/Annoy-o-Bot/GitHub/Api/ReminderMappingExtensions.cs similarity index 91% rename from Annoy-o-Bot/GitHub/ReminderMappingExtensions.cs rename to Annoy-o-Bot/GitHub/Api/ReminderMappingExtensions.cs index 6887f72..bfc1783 100644 --- a/Annoy-o-Bot/GitHub/ReminderMappingExtensions.cs +++ b/Annoy-o-Bot/GitHub/Api/ReminderMappingExtensions.cs @@ -1,8 +1,8 @@ -using Octokit; +using System; using System.Linq; -using System; +using Octokit; -namespace Annoy_o_Bot.GitHub; +namespace Annoy_o_Bot.GitHub.Api; public static class ReminderMappingExtensions { diff --git a/Annoy-o-Bot/GitHub/CommitParser.cs b/Annoy-o-Bot/GitHub/Callbacks/CommitParser.cs similarity index 82% rename from Annoy-o-Bot/GitHub/CommitParser.cs rename to Annoy-o-Bot/GitHub/Callbacks/CommitParser.cs index 42cc5e5..e1319f8 100644 --- a/Annoy-o-Bot/GitHub/CommitParser.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/CommitParser.cs @@ -1,13 +1,12 @@ using System.Collections.Generic; -using Annoy_o_Bot.GitHub.Callbacks; -namespace Annoy_o_Bot.GitHub +namespace Annoy_o_Bot.GitHub.Callbacks { public class FileChanges { - public HashSet New { get; set; } = new HashSet(); - public HashSet Updated { get; set; } = new HashSet(); - public HashSet Deleted { get; set; } = new HashSet(); + public HashSet New { get; set; } = []; + public HashSet Updated { get; set; } = []; + public HashSet Deleted { get; set; } = []; } public class CommitParser diff --git a/Annoy-o-Bot/Program.cs b/Annoy-o-Bot/Program.cs index 6362f20..4e52b78 100644 --- a/Annoy-o-Bot/Program.cs +++ b/Annoy-o-Bot/Program.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; diff --git a/Annoy-o-Bot/ReminderFilter.cs b/Annoy-o-Bot/ReminderFilter.cs index 91e1736..85f31cb 100644 --- a/Annoy-o-Bot/ReminderFilter.cs +++ b/Annoy-o-Bot/ReminderFilter.cs @@ -1,4 +1,4 @@ -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Callbacks; namespace Annoy_o_Bot { diff --git a/Annoy-o-Bot/TimeoutFunction.cs b/Annoy-o-Bot/TimeoutFunction.cs index eed3822..204b793 100644 --- a/Annoy-o-Bot/TimeoutFunction.cs +++ b/Annoy-o-Bot/TimeoutFunction.cs @@ -2,7 +2,7 @@ using System.Collections.Generic; using System.Threading.Tasks; using Annoy_o_Bot.CosmosDB; -using Annoy_o_Bot.GitHub; +using Annoy_o_Bot.GitHub.Api; using Microsoft.Azure.Cosmos; using Microsoft.Extensions.Logging; using Octokit; From fd36c73a4e9af968dd34b96e15e49966233dbfa4 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Sun, 1 Dec 2024 22:38:45 +0100 Subject: [PATCH 12/15] move exception handling into acl --- Annoy-o-Bot/CallbackHandler.cs | 10 +----- Annoy-o-Bot/GitHub/Api/GitHubRepository.cs | 39 +++++++++++----------- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 8897e9c..647d3ce 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -153,15 +153,7 @@ await githubClient.CreateComment(requestObject.HeadCommit.Id, private static async Task TryCreateCheckRun(IGitHubRepository installationClient, long repositoryId, NewCheckRun checkRun, ILogger logger) { - // Ignore check run failures for now. Check run permissions were added later, so users might not have granted permissions to add check runs. - try - { - await installationClient.CreateCheckRun(checkRun); - } - catch (Exception e) - { - logger.LogWarning(e, $"Failed to create check run for repository {repositoryId}."); - } + await installationClient.CreateCheckRun(checkRun); } static async Task> LoadReminders(ICollection filePaths, GitPushCallbackModel requestObject, IGitHubRepository installationClient) diff --git a/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs b/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs index 546d72e..0b22691 100644 --- a/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs +++ b/Annoy-o-Bot/GitHub/Api/GitHubRepository.cs @@ -1,4 +1,5 @@ -using System.Collections.Generic; +using System; +using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.Extensions.Logging; @@ -6,24 +7,14 @@ namespace Annoy_o_Bot.GitHub.Api; -public class GitHubRepository : IGitHubRepository +public class GitHubRepository(GitHubClient gitHubClient, long repositoryId, ILogger logger) + : IGitHubRepository { - readonly GitHubClient installationClient; - readonly long repositoryId; - readonly ILogger logger; - - public GitHubRepository(GitHubClient gitHubClient, long repositoryId, ILogger logger) - { - this.repositoryId = repositoryId; - this.logger = logger; - installationClient = gitHubClient; - } - public async Task> ReadAllRemindersFromDefaultBranch() { try { - var reminders = await installationClient.Repository.Content.GetAllContents(repositoryId, ".reminders"); + var reminders = await gitHubClient.Repository.Content.GetAllContents(repositoryId, ".reminders"); return reminders.Select(content => content.Path).ToList(); } catch (NotFoundException e) @@ -39,13 +30,13 @@ public async Task ReadFileContent(string filePath, string? branchReferen if (branchReference == null) { - contents = await installationClient.Repository.Content.GetAllContentsByRef( + contents = await gitHubClient.Repository.Content.GetAllContentsByRef( repositoryId, filePath); } else { - contents = await installationClient.Repository.Content.GetAllContentsByRef( + contents = await gitHubClient.Repository.Content.GetAllContentsByRef( repositoryId, filePath, branchReference); @@ -54,14 +45,22 @@ public async Task ReadFileContent(string filePath, string? branchReferen return contents.First().Content; } - public Task CreateCheckRun(NewCheckRun checkRun) + public async Task CreateCheckRun(NewCheckRun checkRun) { - return installationClient.Check.Run.Create(repositoryId, checkRun); + try + { + await gitHubClient.Check.Run.Create(repositoryId, checkRun); + } + catch (Exception e) + { + // Ignore check run failures for now. Check run permissions were added later, so users might not have granted permissions to add check runs. + logger.LogWarning(e, $"Failed to create check run for repository {repositoryId}."); + } } public Task CreateComment(string commitId, string comment) { - return installationClient.Repository.Comment.Create( + return gitHubClient.Repository.Comment.Create( repositoryId, commitId, new NewCommitComment(comment)); @@ -69,6 +68,6 @@ public Task CreateComment(string commitId, string comment) public Task CreateIssue(NewIssue issue) { - return installationClient.Issue.Create(repositoryId, issue); + return gitHubClient.Issue.Create(repositoryId, issue); } } \ No newline at end of file From fcbcdf346ac96d0e30628c19313d964b9d5cff8d Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Sun, 1 Dec 2024 22:39:01 +0100 Subject: [PATCH 13/15] inline local method --- Annoy-o-Bot/CallbackHandler.cs | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/Annoy-o-Bot/CallbackHandler.cs b/Annoy-o-Bot/CallbackHandler.cs index 647d3ce..48357b1 100644 --- a/Annoy-o-Bot/CallbackHandler.cs +++ b/Annoy-o-Bot/CallbackHandler.cs @@ -114,26 +114,24 @@ async Task ValidateReminderDefinitions(FileChanges reminderChanges, GitPushCallb } catch (Exception e) { - await TryCreateCheckRun(githubClient, requestObject.Repository.Id, - new NewCheckRun("annoy-o-bot", requestObject.HeadCommit.Id) - { - Status = CheckStatus.Completed, - Conclusion = CheckConclusion.Failure, - Output = new NewCheckRunOutput( - "Invalid reminder definition", - "The provided reminder seems to be invalid or incorrect." + e.Message) - }, log); + await githubClient.CreateCheckRun(new NewCheckRun("annoy-o-bot", requestObject.HeadCommit.Id) + { + Status = CheckStatus.Completed, + Conclusion = CheckConclusion.Failure, + Output = new NewCheckRunOutput( + "Invalid reminder definition", + "The provided reminder seems to be invalid or incorrect." + e.Message) + }); throw; } if (newReminders.Any()) { - await TryCreateCheckRun(githubClient, requestObject.Repository.Id, - new NewCheckRun("annoy-o-bot", requestObject.HeadCommit.Id) - { - Status = CheckStatus.Completed, - Conclusion = CheckConclusion.Success - }, log); + await githubClient.CreateCheckRun(new NewCheckRun("annoy-o-bot", requestObject.HeadCommit.Id) + { + Status = CheckStatus.Completed, + Conclusion = CheckConclusion.Success + }); } } @@ -151,11 +149,6 @@ await githubClient.CreateComment(requestObject.HeadCommit.Id, $"Created reminder '{reminderDefinition.Title}' for {reminderDefinition.Date:D}"); } - private static async Task TryCreateCheckRun(IGitHubRepository installationClient, long repositoryId, NewCheckRun checkRun, ILogger logger) - { - await installationClient.CreateCheckRun(checkRun); - } - static async Task> LoadReminders(ICollection filePaths, GitPushCallbackModel requestObject, IGitHubRepository installationClient) { var results = new List<(string, ReminderDefinition)>(filePaths.Count); // potentially lower but never higher than number of files From 1123cf70472803614d79f8ac31adb93491c49ca3 Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Sun, 1 Dec 2024 22:41:14 +0100 Subject: [PATCH 14/15] inline variable --- Annoy-o-Bot/TimeoutFunction.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Annoy-o-Bot/TimeoutFunction.cs b/Annoy-o-Bot/TimeoutFunction.cs index 204b793..31059ca 100644 --- a/Annoy-o-Bot/TimeoutFunction.cs +++ b/Annoy-o-Bot/TimeoutFunction.cs @@ -43,12 +43,10 @@ public async Task Run( { reminderDocument.CalculateNextReminder(now); - var newIssue = reminderDocument.Reminder.ToGitHubIssue(); - log.LogDebug($"Scheduling next due date for reminder {reminderDocument.Id} for {reminderDocument.NextReminder}"); var repository = await gitHubApi.GetRepository(reminderDocument.InstallationId, reminderDocument.RepositoryId); - var issue = await repository.CreateIssue(newIssue); + var issue = await repository.CreateIssue(reminderDocument.Reminder.ToGitHubIssue()); log.LogInformation($"Created reminder issue #{issue.Number} based on reminder {reminderDocument.Id}"); From 2f3c9e3e482af7662b04a0743035d811ffc8352a Mon Sep 17 00:00:00 2001 From: Tim Bussmann Date: Sun, 1 Dec 2024 22:56:13 +0100 Subject: [PATCH 15/15] fix test --- .../When_request_signature_does_not_match.cs | 5 +++-- Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Annoy-o-Bot.AcceptanceTests/When_request_signature_does_not_match.cs b/Annoy-o-Bot.AcceptanceTests/When_request_signature_does_not_match.cs index 4fec36f..faa1cab 100644 --- a/Annoy-o-Bot.AcceptanceTests/When_request_signature_does_not_match.cs +++ b/Annoy-o-Bot.AcceptanceTests/When_request_signature_does_not_match.cs @@ -9,19 +9,20 @@ public class When_request_signature_does_not_match : AcceptanceTest [Fact] public async Task Should_return_error() { + const string InvalidSignature = "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"; var gitHubApi = new FakeGitHubApi(); var repository = gitHubApi.CreateNewRepository(); var request = CreateCallbackHttpRequest(repository.Commit(CallbackModelHelper.CreateCommitModel())); var requestHash = request.Headers["X-Hub-Signature-256"]; - request.Headers["X-Hub-Signature-256"] = "1234567890"; // this is not the incorrect but the expected signature in this test + request.Headers["X-Hub-Signature-256"] = InvalidSignature; // this is not the incorrect but the expected signature in this test var handler = new CallbackHandler(gitHubApi, configurationBuilder.Build(), NullLogger.Instance); var exception = await Assert.ThrowsAnyAsync(() => handler.Run(request, container)); Assert.Contains( - $"Computed request payload signature ('{requestHash}') does not match provided signature ('{request.Headers["X-Hub-Signature-256"]}')", + $"Computed request payload signature ('{requestHash}') does not match provided signature ('{InvalidSignature}')", exception.Message); } diff --git a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs index d0e6bc5..0324ac9 100644 --- a/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs +++ b/Annoy-o-Bot/GitHub/Callbacks/GitHubCallbackRequest.cs @@ -58,7 +58,7 @@ public static async Task ValidateSignature(string signedText, string secret, str if (!string.Equals(sha256Signature, hashString, StringComparison.OrdinalIgnoreCase)) { - throw new Exception($"Computed request payload signature ('{hashString}') does not match provided signature ('{sha256Signature}'). Signed text: '{signedText}'"); + throw new Exception($"Computed request payload signature ('sha256={hashString}') does not match provided signature ('sha256={sha256Signature}'). Signed text: '{signedText}'"); } } } \ No newline at end of file