Don't use legacy method to send Matrix Webhook (#12348)

S7evinK · techknowlogick · web-flow · commit bf6014644401 · 2020-07-30T18:04:19.000-04:00
* Don't use legacy send for messages

* Add migrations to ensure Matrix webhooks use PUT

* Set HTTP method to PUT as default

* Fix sql condition..

Signed-off-by: Till Faelligen &lt;tfaelligen@gmail.com&gt;

* Rename getTxnID -&gt; getMatrixTxnID

* Use local variable instead of constant value

Co-authored-by: techknowlogick &lt;techknowlogick@gitea.io&gt;
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
@@ -220,6 +220,8 @@ var migrations = []Migration{
 	NewMigration("Ensure Repository.IsArchived is not null", setIsArchivedToFalse),
 	// v143 -> v144
 	NewMigration("recalculate Stars number for all user", recalculateStars),
+	// v144 -> v145
+	NewMigration("update Matrix Webhook http method to 'PUT'", updateMatrixWebhookHTTPMethod),
 }
 
 // GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v144.go b/models/migrations/v144.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"code.gitea.io/gitea/modules/log"
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+func updateMatrixWebhookHTTPMethod(x *xorm.Engine) error {
+	var matrixHookTaskType = 9 // value comes from the models package
+	type Webhook struct {
+		HTTPMethod string
+	}
+
+	cond := builder.Eq{"hook_task_type": matrixHookTaskType}.And(builder.Neq{"http_method": "PUT"})
+	count, err := x.Where(cond).Cols("http_method").Update(&Webhook{HTTPMethod: "PUT"})
+	if err == nil {
+		log.Debug("Updated %d Matrix webhooks with http_method 'PUT'", count)
+	}
+	return err
+}
diff --git a/modules/webhook/deliver.go b/modules/webhook/deliver.go
@@ -77,17 +77,20 @@ func Deliver(t *models.HookTask) error {
 		if err != nil {
 			return err
 		}
+	case http.MethodPut:
+		switch t.Type {
+		case models.MATRIX:
+			req, err = getMatrixHookRequest(t)
+			if err != nil {
+				return err
+			}
+		default:
+			return fmt.Errorf("Invalid http method for webhook: [%d] %v", t.ID, t.HTTPMethod)
+		}
 	default:
 		return fmt.Errorf("Invalid http method for webhook: [%d] %v", t.ID, t.HTTPMethod)
 	}
 
-	if t.Type == models.MATRIX {
-		req, err = getMatrixHookRequest(t)
-		if err != nil {
-			return err
-		}
-	}
-
 	req.Header.Add("X-Gitea-Delivery", t.UUID)
 	req.Header.Add("X-Gitea-Event", t.EventType.Event())
 	req.Header.Add("X-Gitea-Signature", t.Signature)
diff --git a/modules/webhook/matrix.go b/modules/webhook/matrix.go
@@ -5,6 +5,7 @@
 package webhook
 
 import (
+	"crypto/sha1"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -291,7 +292,14 @@ func getMatrixHookRequest(t *models.HookTask) (*http.Request, error) {
 	}
 	t.PayloadContent = string(payload)
 
-	req, err := http.NewRequest("POST", t.URL, strings.NewReader(string(payload)))
+	txnID, err := getMatrixTxnID(payload)
+	if err != nil {
+		return nil, fmt.Errorf("getMatrixHookRequest: unable to hash payload: %+v", err)
+	}
+
+	t.URL = fmt.Sprintf("%s/%s", t.URL, txnID)
+
+	req, err := http.NewRequest(t.HTTPMethod, t.URL, strings.NewReader(string(payload)))
 	if err != nil {
 		return nil, err
 	}
@@ -301,3 +309,14 @@ func getMatrixHookRequest(t *models.HookTask) (*http.Request, error) {
 
 	return req, nil
 }
+
+// getMatrixTxnID creates a txnID based on the payload to ensure idempotency
+func getMatrixTxnID(payload []byte) (string, error) {
+	h := sha1.New()
+	_, err := h.Write(payload)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
diff --git a/modules/webhook/matrix_test.go b/modules/webhook/matrix_test.go
@@ -154,3 +154,32 @@ func TestMatrixHookRequest(t *testing.T) {
 	assert.Equal(t, "Bearer dummy_access_token", req.Header.Get("Authorization"))
 	assert.Equal(t, wantPayloadContent, h.PayloadContent)
 }
+
+func Test_getTxnID(t *testing.T) {
+	type args struct {
+		payload []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			name:    "dummy payload",
+			args:    args{payload: []byte("Hello World")},
+			want:    "0a4d55a8d778e5022fab701977c5d840bbc486d0",
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := getMatrixTxnID(tt.args.payload)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("getMatrixTxnID() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/routers/repo/webhook.go b/routers/repo/webhook.go
@@ -454,6 +454,7 @@ func MatrixHooksNewPost(ctx *context.Context, form auth.NewMatrixHookForm) {
 		RepoID:          orCtx.RepoID,
 		URL:             fmt.Sprintf("%s/_matrix/client/r0/rooms/%s/send/m.room.message", form.HomeserverURL, form.RoomID),
 		ContentType:     models.ContentTypeJSON,
+		HTTPMethod:      "PUT",
 		HookEvent:       ParseHookEvent(form.WebhookForm),
 		IsActive:        form.Active,
 		HookTaskType:    models.MATRIX,

Original file line number	Diff line number	Diff line change
`@@ -220,6 +220,8 @@ var migrations = []Migration{`
`220`	`220`	`NewMigration("Ensure Repository.IsArchived is not null", setIsArchivedToFalse),`
`221`	`221`	`// v143 -> v144`
`222`	`222`	`NewMigration("recalculate Stars number for all user", recalculateStars),`
	`223`	`+ // v144 -> v145`
	`224`	`+ NewMigration("update Matrix Webhook http method to 'PUT'", updateMatrixWebhookHTTPMethod),`
`223`	`225`	`}`
`224`	`226`
`225`	`227`	`// GetCurrentDBVersion returns the current db version`