This should work - Fixed build notifications

Although I can't actually test it, just roughly
This commit is contained in:
Norbi Peti 2017-06-30 23:58:36 +02:00
parent 2aa02a34cb
commit f0aba479e3
3 changed files with 20 additions and 9 deletions

View file

@ -113,6 +113,7 @@ public class ButtonWebsiteModule extends JavaPlugin {
addPage(new IndexPage()); addPage(new IndexPage());
addPage(new LoginPage()); addPage(new LoginPage());
addPage(new ProfilePage()); addPage(new ProfilePage());
addPage(new BuildNotificationsPage());
TBMCCoreAPI.RegisterUserClass(WebUser.class); TBMCCoreAPI.RegisterUserClass(WebUser.class);
Bukkit.getScheduler().runTaskAsynchronously(this, () -> { Bukkit.getScheduler().runTaskAsynchronously(this, () -> {
this.getLogger().info("Starting webserver..."); this.getLogger().info("Starting webserver...");

View file

@ -186,7 +186,7 @@ public class IOHelper {
if (spl.length == 1) if (spl.length == 1)
vars.put(spl[0], ""); vars.put(spl[0], "");
else else
vars.put(spl[0], spl[1]); vars.put(spl[0], URLDecoder.decode(spl[1], "utf-8"));
} }
return vars; return vars;
} catch (Exception e) { } catch (Exception e) {

View file

@ -1,5 +1,6 @@
package buttondevteam.website.page; package buttondevteam.website.page;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.Signature; import java.security.Signature;
@ -9,9 +10,12 @@ import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.function.Supplier; import java.util.function.Supplier;
import org.bukkit.Bukkit;
import com.google.gson.*; import com.google.gson.*;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import buttondevteam.lib.PluginUpdater;
import buttondevteam.lib.TBMCCoreAPI; import buttondevteam.lib.TBMCCoreAPI;
import buttondevteam.website.io.IOHelper; import buttondevteam.website.io.IOHelper;
import buttondevteam.website.io.Response; import buttondevteam.website.io.Response;
@ -23,10 +27,13 @@ public class BuildNotificationsPage extends Page {
return "build_notifications"; return "build_notifications";
} }
private static final String signature = ((Supplier<String>) () -> { private static final Gson gson = new Gson();
private static final String publickey = ((Supplier<String>) () -> {
try { try {
return fromString(TBMCCoreAPI.DownloadString("https://api.travis-ci.org/config"), return fromString(TBMCCoreAPI.DownloadString("https://api.travis-ci.org/config"),
"config.notifications.webhook.public_key").getAsString(); "config.notifications.webhook.public_key").getAsString().replace("-----BEGIN PUBLIC KEY-----", "")
.replaceAll("\n", "").replace("-----END PUBLIC KEY-----", "");
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
@ -37,14 +44,17 @@ public class BuildNotificationsPage extends Page {
HashMap<String, String> post = IOHelper.GetPOSTKeyValues(exchange); HashMap<String, String> post = IOHelper.GetPOSTKeyValues(exchange);
try { try {
final List<String> signatures = exchange.getRequestHeaders().get("Signature"); final List<String> signatures = exchange.getRequestHeaders().get("Signature");
if (signatures.size() > 0 && post.containsKey("payload") final String payload = post.get("payload");
&& verifySignature(Base64.getDecoder().decode(post.get("payload")), if (signatures != null && signatures.size() > 0 && post.containsKey("payload")
Base64.getDecoder().decode(signatures.get(0)), signature)) { && verifySignature(payload.getBytes(StandardCharsets.UTF_8),
// TODO: Send event Base64.getDecoder().decode(signatures.get(0)), publickey)) {
Bukkit.getPluginManager()
.callEvent(new PluginUpdater.UpdatedEvent(gson.fromJson(payload, JsonObject.class)));
return new Response(200, "All right", exchange); return new Response(200, "All right", exchange);
} }
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); return new Response(400,
"Invalid data, error: " + e + " If you're messing with this, stop messing with this.", exchange); // Blame the user
} }
return new Response(400, "Verification failed", exchange); return new Response(400, "Verification failed", exchange);
} }
@ -68,7 +78,7 @@ public class BuildNotificationsPage extends Page {
} }
public static JsonElement fromString(String json, String path) throws JsonSyntaxException { public static JsonElement fromString(String json, String path) throws JsonSyntaxException {
JsonObject obj = new GsonBuilder().create().fromJson(json, JsonObject.class); JsonObject obj = gson.fromJson(json, JsonObject.class);
String[] seg = path.split("\\."); String[] seg = path.split("\\.");
for (String element : seg) { for (String element : seg) {
if (obj != null) { if (obj != null) {