2018-11-20 20:47:30 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
class WebHook < ApplicationRecord
|
2015-04-26 12:48:37 +05:30
|
|
|
include Sortable
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2022-08-13 15:12:31 +05:30
|
|
|
InterpolationError = Class.new(StandardError)
|
|
|
|
|
|
2021-09-04 01:27:46 +05:30
|
|
|
MAX_FAILURES = 100
|
2021-06-08 01:23:25 +05:30
|
|
|
FAILURE_THRESHOLD = 3 # three strikes
|
2023-01-13 00:05:48 +05:30
|
|
|
EXCEEDED_FAILURE_THRESHOLD = FAILURE_THRESHOLD + 1
|
2022-11-25 23:54:43 +05:30
|
|
|
INITIAL_BACKOFF = 1.minute
|
2021-06-08 01:23:25 +05:30
|
|
|
MAX_BACKOFF = 1.day
|
|
|
|
|
BACKOFF_GROWTH_FACTOR = 2.0
|
2023-01-13 00:05:48 +05:30
|
|
|
SECRET_MASK = '************'
|
2021-06-08 01:23:25 +05:30
|
|
|
|
2018-12-05 23:21:45 +05:30
|
|
|
attr_encrypted :token,
|
2022-08-27 11:52:29 +05:30
|
|
|
mode: :per_attribute_iv,
|
2018-12-05 23:21:45 +05:30
|
|
|
algorithm: 'aes-256-gcm',
|
2022-08-27 11:52:29 +05:30
|
|
|
key: Settings.attr_encrypted_db_key_base_32
|
2018-12-05 23:21:45 +05:30
|
|
|
|
|
|
|
|
attr_encrypted :url,
|
2022-08-27 11:52:29 +05:30
|
|
|
mode: :per_attribute_iv,
|
2018-12-05 23:21:45 +05:30
|
|
|
algorithm: 'aes-256-gcm',
|
2022-08-27 11:52:29 +05:30
|
|
|
key: Settings.attr_encrypted_db_key_base_32
|
2018-12-05 23:21:45 +05:30
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
attr_encrypted :url_variables,
|
|
|
|
|
mode: :per_attribute_iv,
|
|
|
|
|
key: Settings.attr_encrypted_db_key_base_32,
|
|
|
|
|
algorithm: 'aes-256-gcm',
|
|
|
|
|
marshal: true,
|
|
|
|
|
marshaler: ::Gitlab::Json,
|
|
|
|
|
encode: false,
|
|
|
|
|
encode_iv: false
|
|
|
|
|
|
2019-12-21 20:55:43 +05:30
|
|
|
has_many :web_hook_logs
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
validates :url, presence: true
|
2023-01-13 00:05:48 +05:30
|
|
|
validates :url, public_url: true, unless: ->(hook) { hook.is_a?(SystemHook) || hook.url_variables? }
|
2018-11-08 19:23:39 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
validates :token, format: { without: /\n/ }
|
2022-07-23 23:45:48 +05:30
|
|
|
after_initialize :initialize_url_variables
|
2023-01-13 00:05:48 +05:30
|
|
|
|
2023-01-10 11:22:00 +05:30
|
|
|
before_validation :reset_token
|
2023-04-23 21:23:45 +05:30
|
|
|
before_validation :reset_url_variables, unless: ->(hook) { hook.is_a?(ServiceHook) }
|
2023-03-04 22:38:38 +05:30
|
|
|
before_validation :set_branch_filter_nil, if: :branch_filter_strategy_all_branches?
|
|
|
|
|
validates :push_events_branch_filter, untrusted_regexp: true, if: :branch_filter_strategy_regex?
|
|
|
|
|
validates :push_events_branch_filter, "web_hooks/wildcard_branch_filter": true, if: :branch_filter_strategy_wildcard?
|
2023-01-13 00:05:48 +05:30
|
|
|
|
|
|
|
|
validates :url_variables, json_schema: { filename: 'web_hooks_url_variables' }
|
|
|
|
|
validate :no_missing_url_variables
|
|
|
|
|
validates :interpolated_url, public_url: true, if: ->(hook) { hook.url_variables? && hook.errors.empty? }
|
|
|
|
|
|
|
|
|
|
enum branch_filter_strategy: {
|
|
|
|
|
wildcard: 0,
|
|
|
|
|
regex: 1,
|
|
|
|
|
all_branches: 2
|
|
|
|
|
}, _prefix: true
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: disable CodeReuse/ServiceClass
|
2022-04-04 11:22:00 +05:30
|
|
|
def execute(data, hook_name, force: false)
|
|
|
|
|
# hook.executable? is checked in WebHookService#execute
|
|
|
|
|
WebHookService.new(self, data, hook_name, force: force).execute
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: enable CodeReuse/ServiceClass
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: disable CodeReuse/ServiceClass
|
2015-09-11 14:41:01 +05:30
|
|
|
def async_execute(data, hook_name)
|
2021-06-08 01:23:25 +05:30
|
|
|
WebHookService.new(self, data, hook_name).async_execute if executable?
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: enable CodeReuse/ServiceClass
|
2018-11-08 19:23:39 +05:30
|
|
|
|
|
|
|
|
# Allow urls pointing localhost and the local network
|
|
|
|
|
def allow_local_requests?
|
2019-10-12 21:52:04 +05:30
|
|
|
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
|
2018-11-08 19:23:39 +05:30
|
|
|
end
|
2020-01-01 13:55:28 +05:30
|
|
|
|
|
|
|
|
def help_path
|
|
|
|
|
'user/project/integrations/webhooks'
|
|
|
|
|
end
|
2021-06-08 01:23:25 +05:30
|
|
|
|
|
|
|
|
def next_backoff
|
|
|
|
|
return MAX_BACKOFF if backoff_count >= 8 # optimization to prevent expensive exponentiation and possible overflows
|
|
|
|
|
|
|
|
|
|
(INITIAL_BACKOFF * (BACKOFF_GROWTH_FACTOR**backoff_count))
|
|
|
|
|
.clamp(INITIAL_BACKOFF, MAX_BACKOFF)
|
|
|
|
|
.seconds
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def disable!
|
2023-01-13 00:05:48 +05:30
|
|
|
update_attribute(:recent_failures, EXCEEDED_FAILURE_THRESHOLD)
|
2021-06-08 01:23:25 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enable!
|
2021-09-04 01:27:46 +05:30
|
|
|
return if recent_failures == 0 && disabled_until.nil? && backoff_count == 0
|
|
|
|
|
|
2021-10-27 15:23:28 +05:30
|
|
|
assign_attributes(recent_failures: 0, disabled_until: nil, backoff_count: 0)
|
|
|
|
|
save(validate: false)
|
2021-06-08 01:23:25 +05:30
|
|
|
end
|
|
|
|
|
|
2022-11-25 23:54:43 +05:30
|
|
|
# Don't actually back-off until FAILURE_THRESHOLD failures have been seen
|
|
|
|
|
# we mark the grace-period using the recent_failures counter
|
2021-09-04 01:27:46 +05:30
|
|
|
def backoff!
|
2023-01-13 00:05:48 +05:30
|
|
|
attrs = { recent_failures: next_failure_count }
|
2022-11-25 23:54:43 +05:30
|
|
|
|
|
|
|
|
if recent_failures >= FAILURE_THRESHOLD
|
2023-01-13 00:05:48 +05:30
|
|
|
attrs[:backoff_count] = next_backoff_count
|
2022-11-25 23:54:43 +05:30
|
|
|
attrs[:disabled_until] = next_backoff.from_now
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
assign_attributes(attrs)
|
2023-04-23 21:23:45 +05:30
|
|
|
save(validate: false) if changed?
|
2021-09-04 01:27:46 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def failed!
|
2021-10-27 15:23:28 +05:30
|
|
|
return unless recent_failures < MAX_FAILURES
|
|
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
assign_attributes(disabled_until: nil, backoff_count: 0, recent_failures: next_failure_count)
|
2021-10-27 15:23:28 +05:30
|
|
|
save(validate: false)
|
2021-09-04 01:27:46 +05:30
|
|
|
end
|
|
|
|
|
|
2022-01-26 12:08:38 +05:30
|
|
|
# @return [Boolean] Whether or not the WebHook is currently throttled.
|
|
|
|
|
def rate_limited?
|
2022-07-23 23:45:48 +05:30
|
|
|
rate_limiter.rate_limited?
|
2022-01-26 12:08:38 +05:30
|
|
|
end
|
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
# @return [Integer] The rate limit for the WebHook. `0` for no limit.
|
2021-06-08 01:23:25 +05:30
|
|
|
def rate_limit
|
2022-07-23 23:45:48 +05:30
|
|
|
rate_limiter.limit
|
2021-06-08 01:23:25 +05:30
|
|
|
end
|
|
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
# Returns the associated Project or Group for the WebHook if one exists.
|
|
|
|
|
# Overridden by inheriting classes.
|
|
|
|
|
def parent
|
|
|
|
|
end
|
|
|
|
|
|
2021-09-04 01:27:46 +05:30
|
|
|
# Custom attributes to be included in the worker context.
|
|
|
|
|
def application_context
|
|
|
|
|
{ related_class: type }
|
|
|
|
|
end
|
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
# Exclude binary columns by default - they have no sensible JSON encoding
|
|
|
|
|
def serializable_hash(options = nil)
|
|
|
|
|
options = options.try(:dup) || {}
|
|
|
|
|
options[:except] = Array(options[:except]).dup
|
|
|
|
|
options[:except].concat [:encrypted_url_variables, :encrypted_url_variables_iv]
|
|
|
|
|
|
|
|
|
|
super(options)
|
|
|
|
|
end
|
|
|
|
|
|
2022-08-13 15:12:31 +05:30
|
|
|
# See app/validators/json_schemas/web_hooks_url_variables.json
|
2023-03-04 22:38:38 +05:30
|
|
|
VARIABLE_REFERENCE_RE = /\{([A-Za-z]+[0-9]*(?:[._-][A-Za-z0-9]+)*)\}/.freeze
|
2022-08-13 15:12:31 +05:30
|
|
|
|
2023-04-23 21:23:45 +05:30
|
|
|
def interpolated_url
|
2022-08-13 15:12:31 +05:30
|
|
|
return url unless url.include?('{')
|
|
|
|
|
|
|
|
|
|
vars = url_variables
|
|
|
|
|
url.gsub(VARIABLE_REFERENCE_RE) do
|
|
|
|
|
vars.fetch(_1.delete_prefix('{').delete_suffix('}'))
|
|
|
|
|
end
|
|
|
|
|
rescue KeyError => e
|
|
|
|
|
raise InterpolationError, "Invalid URL template. Missing key #{e.key}"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def update_last_failure
|
|
|
|
|
# Overridden in child classes.
|
|
|
|
|
end
|
|
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
def masked_token
|
|
|
|
|
token.present? ? SECRET_MASK : nil
|
|
|
|
|
end
|
|
|
|
|
|
2021-06-08 01:23:25 +05:30
|
|
|
private
|
|
|
|
|
|
2023-01-10 11:22:00 +05:30
|
|
|
def reset_token
|
|
|
|
|
self.token = nil if url_changed? && !encrypted_token_changed?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def reset_url_variables
|
2023-04-23 21:23:45 +05:30
|
|
|
self.url_variables = {} if url_changed? && !encrypted_url_variables_changed?
|
2023-01-10 11:22:00 +05:30
|
|
|
end
|
|
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
def next_failure_count
|
|
|
|
|
recent_failures.succ.clamp(1, MAX_FAILURES)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def next_backoff_count
|
|
|
|
|
backoff_count.succ.clamp(1, MAX_FAILURES)
|
|
|
|
|
end
|
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
def initialize_url_variables
|
|
|
|
|
self.url_variables = {} if encrypted_url_variables.nil?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def rate_limiter
|
|
|
|
|
@rate_limiter ||= Gitlab::WebHooks::RateLimiter.new(self)
|
|
|
|
|
end
|
2022-08-13 15:12:31 +05:30
|
|
|
|
|
|
|
|
def no_missing_url_variables
|
|
|
|
|
return if url.nil?
|
|
|
|
|
|
|
|
|
|
variable_names = url_variables.keys
|
|
|
|
|
used_variables = url.scan(VARIABLE_REFERENCE_RE).map(&:first)
|
|
|
|
|
|
|
|
|
|
missing = used_variables - variable_names
|
|
|
|
|
|
|
|
|
|
return if missing.empty?
|
|
|
|
|
|
|
|
|
|
errors.add(:url, "Invalid URL template. Missing keys: #{missing}")
|
|
|
|
|
end
|
2023-01-13 00:05:48 +05:30
|
|
|
|
|
|
|
|
def set_branch_filter_nil
|
|
|
|
|
self.push_events_branch_filter = nil
|
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
