Added gitea support

Author: TCA166

README.md

@@ -1,6 +1,6 @@
 # gitWebhook
 
-A Python library providing [Flask blueprints](https://flask.palletsprojects.com/en/3.0.x/blueprints/) for receiving GitHub or GitLab webhooks and acting upon them.
+A Python library providing [Flask blueprints](https://flask.palletsprojects.com/en/3.0.x/blueprints/) for receiving GitHub, GitLab or Gitea webhooks and acting upon them.
 The library provides webhooks allowing for automatic deployment, testing and integrations.
 However due to the open ended nature of the blueprint this behavior can be easily customized thanks to the very open ended class dependency tree.
 
@@ -9,7 +9,7 @@ However due to the open ended nature of the blueprint this behavior can be easil
 1. Setup the webhook on the git side
    During the setup be sure to pay close attention to any opportunities to input any sort of secret key.
    You will need that key later if you want to enable webhook verification **THIS IS SOMETHING THAT I GREATLY ADVISE YOU DO**.
-   For GitHub that would be the secret string that you provide [during creation](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks#creating-a-repository-webhook) and for GitLab that would be the [secret token](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#validate-payloads-by-using-a-secret-token).
+   For GitHub that would be the secret string that you provide [during creation](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks#creating-a-repository-webhook), for GitLab that would be the [secret token](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#validate-payloads-by-using-a-secret-token) and for Gitea that would be the [authorization token](https://docs.gitea.com/usage/webhooks#authorization-header).
 2. Install this package
     - Using pip
 

gitWebhook/webhook.py

@@ -22,6 +22,8 @@ def verifyGitlabRequest(request: Request, token:str) -> bool:
     """Verify the GitLab token of a webhook request"""
     return request.headers.get(GITLAB_HEADER) == token
 
+# TODO add IP whitelisting, limiting to one git type, automatic github IP whitelisting
+
 class webhookBlueprint(Blueprint, gitWebhookBlueprintABC):
     """Wrapper over the flask blueprint that creates an endpoint for receiving and processing git webhooks. Overwrite the processWebhook method to process the webhook data."""
 
@@ -47,13 +49,18 @@ def receiveWebhook(self) -> Response:
             if GITHUB_HEADER in request.headers:
                 if not verifyGithubRequest(request, self.webhookToken):
                     if self.log is not None:
-                        self.log.warning("A request with an invalid GitHub signature")
+                        self.log.warning("A request with an invalid GitHub signaturez")
                     abort(401)
-            elif GITLAB_HEADER:
+            elif GITLAB_HEADER in request.headers:
                 if not verifyGitlabRequest(request, self.webhookToken):
                     if self.log is not None:
                         self.log.warning("A request with an invalid GitLab token")
                     abort(401)
+            elif request.authorization is not None: # basic authorization which is what Gitea uses
+                if not str(request.authorization) == self.webhookToken:
+                    if self.log is not None:
+                        self.log.warning("A request with an invalid basic authorization")
+                    abort(401)
             else:
                 if self.log is not None:
                     self.log.warning("A request with no signature found")

test.py

@@ -1,5 +1,5 @@
 import unittest
-from flask import Request, request, Flask
+from flask import Request, Flask
 from gitWebhook.webhook import verifyGithubRequest, verifyGitlabRequest, webhookBlueprint
 from gitWebhook.functionWebhook import functionWebhookBlueprint
 import random
@@ -13,6 +13,7 @@ def __init__(self, token:str):
         self.data = random.randbytes(50)
         hash_object = hmacNew(token.encode("utf-8"), msg=self.data, digestmod=sha256)
         self.headers = {"X-Hub-Signature-256": f"sha256={hash_object.hexdigest()}", "X-Gitlab-Token":token}
+        
     def get_data(self):
         return self.data
 
@@ -21,16 +22,20 @@ def setUp(self) -> None:
         self.validRequest = testingRequest(VALID_TOKEN)
         self.invalidRequest = testingRequest("12345")
         return super().setUp()
+    
     def testVerifyGithubRequest(self):
         self.assertTrue(verifyGithubRequest(self.validRequest, VALID_TOKEN))
         self.assertFalse(verifyGithubRequest(self.validRequest, "12345"))
         self.assertFalse(verifyGithubRequest(self.invalidRequest, VALID_TOKEN))
         self.assertFalse(verifyGithubRequest(self.invalidRequest, "12346"))
+        
     def testVerifyGitlabRequest(self):
         self.assertTrue(verifyGitlabRequest(self.validRequest, "1234"))
         self.assertFalse(verifyGitlabRequest(self.validRequest, "12345"))
         self.assertFalse(verifyGitlabRequest(self.invalidRequest, "1234"))
 
+# TODO add tests for basic auth
+
 class TestWehbookBlueprint(unittest.TestCase):
     def setUp(self) -> None:
         self.webhook = webhookBlueprint(VALID_TOKEN, name="valid")
@@ -41,27 +46,51 @@ def setUp(self) -> None:
         self.app.config.update({"TESTING": True})
         self.client = self.app.test_client()
         return super().setUp()
-    def testReceiveWebhookValid(self):
+    
+    def testReceiveWebhookValidGithub(self):
         request = testingRequest(VALID_TOKEN)
-        resp = self.client.post("/valid/", headers=request.headers, data=request.data)
+        limitedHeaders = {"X-Hub-Signature-256":request.headers["X-Hub-Signature-256"]}
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
         self.assertEqual(resp.status_code, 415)
-        request.headers["Content-Type"] = "application/json"
-        resp = self.client.post("/valid/", headers=request.headers, data=request.data)
+        limitedHeaders["Content-Type"] = "application/json"
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
         self.assertEqual(resp.status_code, 400) #no json
+        
+    def testReceiveWebhookValidGitlab(self):
+        request = testingRequest(VALID_TOKEN)
+        limitedHeaders = {"X-Gitlab-Token":request.headers["X-Gitlab-Token"]}
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
+        self.assertEqual(resp.status_code, 415)
+        limitedHeaders["Content-Type"] = "application/json"
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
+        self.assertEqual(resp.status_code, 400)
+    
     def testReceiveWebhookInvalidNoCheck(self):
         request = testingRequest("123")
         resp = self.client.post("/noToken/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 415)
         request.headers["Content-Type"] = "application/json"
         resp = self.client.post("/noToken/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 400)
-    def testReceiveWebhookInvalidCheck(self):
+        
+    def testReceiveWebhookInvalidCheckGithub(self):
         request = testingRequest("123")
-        resp = self.client.post("/valid/", headers=request.headers, data=request.data)
+        limitedHeaders = {"X-Hub-Signature-256":request.headers["X-Hub-Signature-256"]}
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
         self.assertEqual(resp.status_code, 415)
-        request.headers["Content-Type"] = "application/json"
-        resp = self.client.post("/valid/", headers=request.headers, data=request.data)
+        limitedHeaders["Content-Type"] = "application/json"
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
         self.assertEqual(resp.status_code, 401)
+    
+    def testReceiveWebhookInvalidCheckGitlab(self):
+        request = testingRequest("123")
+        limitedHeaders = {"X-Gitlab-Token":request.headers["X-Gitlab-Token"]}
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
+        self.assertEqual(resp.status_code, 415)
+        limitedHeaders["Content-Type"] = "application/json"
+        resp = self.client.post("/valid/", headers=limitedHeaders, data=request.data)
+        self.assertEqual(resp.status_code, 401)
+
     def testProcessWebhook(self):
         self.assertEqual(self.webhook.processWebhook({"test":"test"}), (200, "OK"))
         self.assertEqual(self.webhookNoToken.processWebhook({"test":"test"}), (200, "OK"))
@@ -75,20 +104,23 @@ def setUp(self) -> None:
         self.app.config.update({"TESTING": True})
         self.client = self.app.test_client()
         return super().setUp()
+    
     def testReceiveWebhookValid(self):
         request = testingRequest(VALID_TOKEN)
         resp = self.client.post("/valid/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 415)
         request.headers["Content-Type"] = "application/json"
         resp = self.client.post("/valid/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 400) #no json
+        
     def testReceiveWebhookInvalidCheck(self):
         request = testingRequest("123")
         resp = self.client.post("/valid/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 415)
         request.headers["Content-Type"] = "application/json"
         resp = self.client.post("/valid/", headers=request.headers, data=request.data)
         self.assertEqual(resp.status_code, 401)
+        
     def testProcessWebhook(self):
         self.assertEqual(self.webhook.processWebhook({"test":"test"}), (400, "Function <lambda> returned false"))