From 1e39f5049bccbefc3fc2dcaa10f627601af9dd9e Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Wed, 12 Jan 2022 07:39:22 +0100
Subject: [PATCH] first implementation of github webhook

---
 backend/.env.dist                  |  7 +++-
 backend/package.json               |  1 +
 backend/src/config/index.ts        |  6 +++
 backend/src/server/createServer.ts | 18 +++++++++
 backend/src/webhook/github.ts      | 22 +++++++++++
 backend/yarn.lock                  | 59 ++++++++++++++++++++++++++++++
 6 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/webhook/github.ts

diff --git a/backend/.env.dist b/backend/.env.dist
index 77fd9f6cc..2c20e6b7a 100644
--- a/backend/.env.dist
+++ b/backend/.env.dist
@@ -33,4 +33,9 @@ COMMUNITY_DESCRIPTION=
 LOGIN_APP_SECRET=21ffbbc616fe
 LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a
 
-WEBHOOK_ELOPAGE_SECRET=secret
\ No newline at end of file
+WEBHOOK_ELOPAGE_SECRET=secret
+
+WEBHOOK_GITHUB=false
+WEBHOOK_GITHUB_SECRET=
+WEBHOOK_GITHUB_PAYLOAD_LIMIT=1mb
+WEBHOOK_GITHUB_BRANCH=master
\ No newline at end of file
diff --git a/backend/package.json b/backend/package.json
index 65ce3c801..aad8452ac 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -25,6 +25,7 @@
     "cors": "^2.8.5",
     "dotenv": "^10.0.0",
     "express": "^4.17.1",
+    "github-webhook-middleware": "^0.0.2",
     "graphql": "^15.5.1",
     "jest": "^27.2.4",
     "jsonwebtoken": "^8.5.1",
diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts
index 2ef382ee3..4027f26c2 100644
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -56,7 +56,13 @@ const email = {
 }
 
 const webhook = {
+  // Elopage
   WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret',
+  // Github
+  WEBHOOK_GITHUB: process.env.WEBHOOK_GITHUB || false,
+  WEBHOOK_GITHUB_SECRET: process.env.WEBHOOK_GITHUB_SECRET || '',
+  WEBHOOK_GITHUB_PAYLOAD_LIMIT: process.env.WEBHOOK_GITHUB_PAYLOAD_LIMIT || '1mb',
+  WEBHOOK_GITHUB_BRANCH: process.env.WEBHOOK_GITHUB_BRANCH || 'master',
 }
 
 // This is needed by graphql-directive-auth
diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts
index 0393da202..c6c4207bc 100644
--- a/backend/src/server/createServer.ts
+++ b/backend/src/server/createServer.ts
@@ -24,6 +24,13 @@ import schema from '../graphql/schema'
 
 // webhooks
 import { elopageWebhook } from '../webhook/elopage'
+import { githubWebhook } from '../webhook/github'
+
+// github middleware
+// This library has no types available
+// TODO: fork it an make it typescript
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const githubMiddleware = require('github-webhook-middleware')
 
 // TODO implement
 // import queryComplexity, { simpleEstimator, fieldConfigEstimator } from "graphql-query-complexity";
@@ -60,6 +67,17 @@ const createServer = async (context: any = serverContext): Promise<any> => {
 
   // Elopage Webhook
   app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook)
+  // Github Webhook
+  if (CONFIG.WEBHOOK_GITHUB) {
+    app.post(
+      '/hook/github/',
+      githubMiddleware({
+        secret: CONFIG.WEBHOOK_GITHUB_SECRET,
+        limit: CONFIG.WEBHOOK_GITHUB_PAYLOAD_LIMIT,
+      }),
+      githubWebhook,
+    )
+  }
 
   // Apollo Server
   const apollo = new ApolloServer({
diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts
new file mode 100644
index 000000000..5a88f5f21
--- /dev/null
+++ b/backend/src/webhook/github.ts
@@ -0,0 +1,22 @@
+import CONFIG from '../config'
+
+export const githubWebhook = async (req: any, res: any): Promise<void> => {
+  // eslint-disable-next-line no-console
+  console.log('Hook received')
+  // End call as early as possible
+  res.status(200).end()
+  // eslint-disable-next-line no-console
+  console.log('Call ended')
+
+  // Handle push events
+  if (req.headers['x-github-event'] === 'push') {
+    const payload = req.body
+    // eslint-disable-next-line no-console
+    console.log(payload)
+
+    if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) {
+      // eslint-disable-next-line no-console
+      console.log('MATCH!')
+    }
+  }
+}
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 2c1603fbd..04ef5505c 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1568,6 +1568,22 @@ body-parser@1.19.0, body-parser@^1.18.3:
     raw-body "2.4.0"
     type-is "~1.6.17"
 
+body-parser@^1.10.0:
+  version "1.19.1"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4"
+  integrity sha512-8ljfQi5eBk8EJfECMrgqNGWPEY5jWP+1IzkzkGdFFEwFQZZyaZ21UqdaHktgiMlH0xLHqIFtE/u2OYE5dOtViA==
+  dependencies:
+    bytes "3.1.1"
+    content-type "~1.0.4"
+    debug "2.6.9"
+    depd "~1.1.2"
+    http-errors "1.8.1"
+    iconv-lite "0.4.24"
+    on-finished "~2.3.0"
+    qs "6.9.6"
+    raw-body "2.4.2"
+    type-is "~1.6.18"
+
 boxen@^5.0.0:
   version "5.1.2"
   resolved "https://registry.yarnpkg.com/boxen/-/boxen-5.1.2.tgz#788cb686fc83c1f486dfa8a40c68fc2b831d2b50"
@@ -1657,6 +1673,11 @@ bytes@3.1.0:
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
   integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==
 
+bytes@3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a"
+  integrity sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg==
+
 cacheable-request@^6.0.0:
   version "6.1.0"
   resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-6.1.0.tgz#20ffb8bd162ba4be11e9567d823db651052ca912"
@@ -2747,6 +2768,13 @@ get-symbol-description@^1.0.0:
     call-bind "^1.0.2"
     get-intrinsic "^1.1.1"
 
+github-webhook-middleware@^0.0.2:
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/github-webhook-middleware/-/github-webhook-middleware-0.0.2.tgz#8f26c9d45b7171c57d033c42b84d0e5013a69958"
+  integrity sha1-jybJ1FtxccV9AzxCuE0OUBOmmVg=
+  dependencies:
+    body-parser "^1.10.0"
+
 glob-parent@^5.1.2, glob-parent@~5.1.2:
   version "5.1.2"
   resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4"
@@ -2949,6 +2977,17 @@ http-errors@1.7.2:
     statuses ">= 1.5.0 < 2"
     toidentifier "1.0.0"
 
+http-errors@1.8.1:
+  version "1.8.1"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
+  integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==
+  dependencies:
+    depd "~1.1.2"
+    inherits "2.0.4"
+    setprototypeof "1.2.0"
+    statuses ">= 1.5.0 < 2"
+    toidentifier "1.0.1"
+
 http-errors@^1.7.3:
   version "1.8.0"
   resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507"
@@ -4662,6 +4701,11 @@ qs@6.7.0:
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
   integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
 
+qs@6.9.6:
+  version "6.9.6"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.6.tgz#26ed3c8243a431b2924aca84cc90471f35d5a0ee"
+  integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ==
+
 queue-microtask@^1.2.2:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243"
@@ -4687,6 +4731,16 @@ raw-body@2.4.0:
     iconv-lite "0.4.24"
     unpipe "1.0.0"
 
+raw-body@2.4.2:
+  version "2.4.2"
+  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.2.tgz#baf3e9c21eebced59dd6533ac872b71f7b61cb32"
+  integrity sha512-RPMAFUJP19WIet/99ngh6Iv8fzAbqum4Li7AD6DtGaW2RpMB/11xDoalPiJMTbu6I3hkbMVkATvZrqb9EEqeeQ==
+  dependencies:
+    bytes "3.1.1"
+    http-errors "1.8.1"
+    iconv-lite "0.4.24"
+    unpipe "1.0.0"
+
 rc@^1.2.8:
   version "1.2.8"
   resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed"
@@ -5254,6 +5308,11 @@ toidentifier@1.0.0:
   resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
   integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
 
+toidentifier@1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
+  integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
+
 touch@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/touch/-/touch-3.1.0.tgz#fe365f5f75ec9ed4e56825e0bb76d24ab74af83b"