119 lines
3.7 KiB
Python
119 lines
3.7 KiB
Python
import hashlib
|
|
import hmac
|
|
import json
|
|
import logging
|
|
from typing import Any
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request
|
|
from sqlalchemy import select
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.config import get_settings
|
|
from app.db.base import SessionLocal, get_db
|
|
from app.db.models import ChatSession, Message, ProjectBinding
|
|
from app.projects.service import ProjectService
|
|
|
|
router = APIRouter()
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def _verify_gitea_signature(body: bytes, signature: str | None, secret: str) -> bool:
|
|
if not secret:
|
|
return True
|
|
if not signature:
|
|
return False
|
|
if signature.startswith("sha256="):
|
|
signature = signature[7:]
|
|
expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
|
|
return hmac.compare_digest(expected, signature)
|
|
|
|
|
|
def _post_close_notice(results: list[dict[str, Any]], owner: str, repo: str) -> None:
|
|
if not results:
|
|
return
|
|
db = SessionLocal()
|
|
try:
|
|
session = db.scalar(
|
|
select(ChatSession).order_by(ChatSession.updated_at.desc()).limit(1)
|
|
)
|
|
if not session:
|
|
session = ChatSession(title="Git")
|
|
db.add(session)
|
|
db.commit()
|
|
db.refresh(session)
|
|
|
|
lines = [f"🔀 **Push** `{owner}/{repo}`"]
|
|
for item in results:
|
|
if "closed" in item:
|
|
lines.append(f"- `{item.get('commit', '?')}`: закрыто {item['closed']}")
|
|
elif "error" in item:
|
|
lines.append(f"- ошибка: {item['error']}")
|
|
|
|
db.add(Message(session_id=session.id, role="notice", content="\n".join(lines)))
|
|
db.commit()
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@router.post("/webhooks/gitea")
|
|
async def gitea_webhook(request: Request, db: Session = Depends(get_db)) -> dict[str, Any]:
|
|
body = await request.body()
|
|
settings = get_settings()
|
|
signature = (
|
|
request.headers.get("X-Gitea-Signature")
|
|
or request.headers.get("X-Gogs-Signature")
|
|
or request.headers.get("X-Hub-Signature-256")
|
|
)
|
|
|
|
if not _verify_gitea_signature(body, signature, settings.gitea_webhook_secret):
|
|
raise HTTPException(status_code=401, detail="Invalid webhook signature")
|
|
|
|
payload = json.loads(body)
|
|
if payload.get("secret") and settings.gitea_webhook_secret:
|
|
if payload.get("secret") != settings.gitea_webhook_secret:
|
|
raise HTTPException(status_code=401, detail="Invalid webhook secret")
|
|
|
|
event = request.headers.get("X-Gitea-Event", "")
|
|
if event != "push":
|
|
return {"ok": True, "skipped": event}
|
|
|
|
repo = payload.get("repository", {})
|
|
owner = repo.get("owner", {}).get("login", "")
|
|
repo_name = repo.get("name", "")
|
|
if not owner or not repo_name:
|
|
raise HTTPException(status_code=400, detail="Missing repository info")
|
|
|
|
binding = db.scalar(
|
|
select(ProjectBinding).where(
|
|
ProjectBinding.gitea_owner == owner,
|
|
ProjectBinding.gitea_repo == repo_name,
|
|
)
|
|
)
|
|
if not binding:
|
|
return {"ok": True, "skipped": "unknown repo"}
|
|
|
|
commits = list(payload.get("commits") or [])
|
|
if not commits:
|
|
head = payload.get("head_commit")
|
|
if head:
|
|
commits = [head]
|
|
|
|
logger.info(
|
|
"Gitea push %s/%s ref=%s commits=%d",
|
|
owner,
|
|
repo_name,
|
|
payload.get("ref", ""),
|
|
len(commits),
|
|
)
|
|
|
|
service = ProjectService(db)
|
|
results = service.process_push(owner, repo_name, commits)
|
|
if results:
|
|
logger.info("Gitea push results: %s", results)
|
|
else:
|
|
logger.warning("Gitea push: no close actions for %s/%s", owner, repo_name)
|
|
|
|
_post_close_notice(results, owner, repo_name)
|
|
|
|
return {"ok": True, "results": results, "commits_processed": len(commits)}
|