[api] Implement service webhooks
GitHub announced the deprecation of GitHub services in favor of webhooks (on January 31, 2019 GitHub will stop delivering services events). WebHooks are designed different than services, therefore it was necessary to implement a dedicated controller. Unlike the OBS GitHub service, webhooks do not deliver the token anymore in the HTTP Header. Because of that it is not possible to compare the tokens anymore as part of the authentication process. We used this opportunity to implement generic webhooks which support for now GitHub, Pagure and a generic webhook. To trigger a webhook, it is now necessary to generate a signature over the payload body with the secret token. To authorize, OBS verifies this signature. OBS supports for now three different HTTP header to submit this signature: * HTTP_X_OBS_SIGNATURE (generic OBS header) * HTTP_X_HUB_SIGNATURE (GitHub) * HTTP_X-Pagure-Signature-256 (Pagure) It is now also necessary to send the token id with the webhook request. This PR introduces the new route: 'trigger/service/github?id=42' See these URLs for more details: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ https://developer.github.com/webhooks/securing/ https://docs.pagure.org/pagure/usage/using_webhooks.html
Please register or sign in to comment