95 lines
3.1 KiB
Python
95 lines
3.1 KiB
Python
import hashlib
|
|
import hmac
|
|
import json
|
|
from typing import Any
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request
|
|
from sqlalchemy import select
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.config import get_settings
|
|
from app.db.base import SessionLocal, get_db
|
|
from app.db.models import ChatSession, Message, ProjectBinding
|
|
from app.projects.service import ProjectService
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
def _verify_gitea_signature(body: bytes, signature: str | None, secret: str) -> bool:
|
|
if not secret:
|
|
return True
|
|
if not signature:
|
|
return False
|
|
if signature.startswith("sha256="):
|
|
signature = signature[7:]
|
|
expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
|
|
return hmac.compare_digest(expected, signature)
|
|
|
|
|
|
def _post_close_notice(results: list[dict[str, Any]], owner: str, repo: str) -> None:
|
|
if not results:
|
|
return
|
|
db = SessionLocal()
|
|
try:
|
|
session = db.scalar(
|
|
select(ChatSession).order_by(ChatSession.updated_at.desc()).limit(1)
|
|
)
|
|
if not session:
|
|
session = ChatSession(title="Git")
|
|
db.add(session)
|
|
db.commit()
|
|
db.refresh(session)
|
|
|
|
lines = [f"🔀 **Push** `{owner}/{repo}`"]
|
|
for item in results:
|
|
if "closed" in item:
|
|
lines.append(f"- `{item.get('commit', '?')}`: закрыто {item['closed']}")
|
|
elif "error" in item:
|
|
lines.append(f"- ошибка: {item['error']}")
|
|
|
|
db.add(Message(session_id=session.id, role="notice", content="\n".join(lines)))
|
|
db.commit()
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@router.post("/webhooks/gitea")
|
|
async def gitea_webhook(request: Request, db: Session = Depends(get_db)) -> dict[str, Any]:
|
|
body = await request.body()
|
|
settings = get_settings()
|
|
signature = request.headers.get("X-Gitea-Signature")
|
|
|
|
if not _verify_gitea_signature(body, signature, settings.gitea_webhook_secret):
|
|
raise HTTPException(status_code=401, detail="Invalid webhook signature")
|
|
|
|
payload = json.loads(body)
|
|
if payload.get("secret") and settings.gitea_webhook_secret:
|
|
if payload.get("secret") != settings.gitea_webhook_secret:
|
|
raise HTTPException(status_code=401, detail="Invalid webhook secret")
|
|
|
|
event = request.headers.get("X-Gitea-Event", "")
|
|
if event != "push":
|
|
return {"ok": True, "skipped": event}
|
|
|
|
repo = payload.get("repository", {})
|
|
owner = repo.get("owner", {}).get("login", "")
|
|
repo_name = repo.get("name", "")
|
|
if not owner or not repo_name:
|
|
raise HTTPException(status_code=400, detail="Missing repository info")
|
|
|
|
binding = db.scalar(
|
|
select(ProjectBinding).where(
|
|
ProjectBinding.gitea_owner == owner,
|
|
ProjectBinding.gitea_repo == repo_name,
|
|
)
|
|
)
|
|
if not binding:
|
|
return {"ok": True, "skipped": "unknown repo"}
|
|
|
|
commits = payload.get("commits") or []
|
|
service = ProjectService(db)
|
|
results = service.process_push(owner, repo_name, commits)
|
|
_post_close_notice(results, owner, repo_name)
|
|
|
|
return {"ok": True, "results": results}
|