Merge branch 'MartinFechner-fixup-github-webhook'

README.md

@@ -20,11 +20,6 @@ Synchronizes your data collection with GitHub and GitLab.
 -  the data xar containing the target collection must be installed prior to using Tuttle
 -  Authtoken for git repository to use
 
-## Current restrictions
-
-In version 1.1.1 not implemented:
--  webhooks are not fully implemented.
-
 ## Building and Installation
 
 Tuttle uses Gulp as its build tool which itself builds on NPM. 
@@ -94,8 +89,21 @@ Gitserver type:  'github' or 'gitlab'
 #### ref 
 Define the working branch of the git repository
 
-#### hookuser & hookpasswd (future use not implemented yet)
-tba
+#### hookuser & hookpasswd
+
+##### Create API-Keys for Github / Gitlab
+
+At this stage of development, the API keys must be generated via the API endpoint '/git/apikey' or for a specific collection '/git/{collection}/apikey'. 
+
+In the configuration "tuttle.xml" the "hookuser" is used to define the dbuser which executes the update.
+
+Example configuration for GitHub:
+ * 'Payload URL': https://existdb:8443/exist/apps/tuttle/git/hook
+ * 'Content type': application/json
+
+Example configuration for GitLab:
+ * 'URL' : https://46.23.86.66:8443/exist/apps/tuttle/git/hook
+
 
 ## Dashboard
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "tuttle",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "tuttle - a Git-integration for eXist-db",
   "scripts": {
     "test": "gulp install && mocha --exit",

src/expath-pkg.xml

@@ -2,10 +2,10 @@
 <package 
   xmlns="http://expath.org/ns/pkg"
   name="http://e-editiones.org/tuttle"
-  abbrev="tuttle" version="1.1.1" spec="1.0">
+  abbrev="tuttle" version="1.1.2" spec="1.0">
   <title>Tuttle - Git for eXist-db</title>
   <dependency processor="http://exist-db.org" semver-min="5.3.0"/>
   <dependency package="http://e-editiones.org/roaster" semver-min="1.0.0"/>
   <dependency package="http://exist-db.org/apps/shared" semver-min="0.9.1"/>
-<!--  <dependency package="http://expath.org/ns/crypto" semver-min="5.0.0"/>-->
+  <dependency package="http://expath.org/ns/crypto" semver-min="5.0.0"/>
 </package>

src/modules/api.xql

@@ -335,14 +335,16 @@ declare function api:incremental($request as map(*)) {
  : APIKey generation for webhooks
  :)
 declare function api:api-keygen($request as map(*)) {
-    let $git-collection := config:default-collection()
+    let $git-collection :=
+        if (not(exists($request?parameters?collection)))
+        then config:default-collection()
+        else xmldb:decode-uri($request?parameters?collection)
     let $config := config:collections($git-collection)
-    let $collection := config:default-collection()
 
     return
         if (exists($config))  then (
             let $apikey := app:random-key(42)
-            let $write-apikey := app:write-apikey($collection,  $apikey)
+            let $write-apikey := app:write-apikey($git-collection,  $apikey)
             return 
                 map {
                     "APIKey" : $apikey
@@ -362,12 +364,12 @@ declare function api:hook($request as map(*)) {
 
     return
         if (exists($config))  then (
-            let $apikey := doc(config:apikeys())//apikeys/collection[name = $collection]/key/text()
+            let $apikey := doc(config:apikeys())//apikeys/collection[name = $git-collection]/key/text()
             return 
                 if ($apikey) then (
                     let $apikey-header := 
                         if ($config?vcs = "github" ) then
-                            if (github:check-signature($git-collection, request:get-header("X-Hub-Signature"), request:get-data())) then
+                            if (github:check-signature($git-collection, request:get-header("X-Hub-Signature-256"), util:binary-to-string(request:get-data()))) then
                                 $apikey
                             else ()
                         else
@@ -377,7 +379,7 @@ declare function api:hook($request as map(*)) {
                             let $collection-path := config:prefix() || "/" || $git-collection
                             let $lockfile := $collection-path || "/" || config:lock()
                             let $collection-destination-sha := $collection-path || "/gitsha.xml"
-                            let $login := xmldb:login($collection-path, $config:hookuser, $config:hookpasswd)
+                            let $login := xmldb:login($collection-path, $config?hookuser, $config?hookpasswd)
 
                             return
                                 if (not(exists(doc($lockfile)))) then (

src/modules/app.xql

@@ -93,7 +93,9 @@ declare function app:write-apikey($collection as xs:string, $apikey as xs:string
                 return update insert $add into doc(config:apikeys())//apikeys
             else
                 let $add := <apikeys><collection><name>{$collection}</name><key>{$apikey}</key></collection></apikeys>
-                return xmldb:store($collection-prefix, $apikey-resource, $add)
+                let $store := xmldb:store($collection-prefix, $apikey-resource, $add)
+                let $chmod := sm:chmod(config:apikeys(), "rw-r-----")
+                return $store
     }
     catch * {
         map {

src/modules/github.xql

@@ -4,7 +4,7 @@ module namespace github="http://exist-db.org/apps/tuttle/github";
 
 import module namespace http="http://expath.org/ns/http-client";
 import module namespace compression="http://exist-db.org/xquery/compression";
-(:import module namespace crypto="http://expath.org/ns/crypto";:)
+import module namespace crypto="http://expath.org/ns/crypto";
 
 import module namespace app="http://exist-db.org/apps/tuttle/app" at "app.xql";
 import module namespace config="http://exist-db.org/apps/tuttle/config" at "config.xql";
@@ -218,8 +218,8 @@ declare function github:get-url($config as map(*)) {
  :)
 declare function github:check-signature($collection as xs:string, $signature as xs:string, $payload  as xs:string) as xs:boolean {
     let $private-key := xs:string(doc(config:apikeys())//apikeys/collection[name = $collection]/key/text())
-(:    let $expected-signature := crypto:hmac($payload, $private-key, "HmacSha256", "base64"):)
-    let $expected-signature := ""
+    let $expected-signature := "sha256="||crypto:hmac($payload, $private-key, "HmacSha256", "hex")
+(:    let $expected-signature := "":)
 
     return 
         if ($signature = $expected-signature) then 

src/post-install.xql

@@ -0,0 +1,18 @@
+xquery version "3.1";
+
+import module namespace api="http://exist-db.org/apps/tuttle/api" at "/db/apps/tuttle/modules/api.xql";
+
+declare namespace sm="http://exist-db.org/xquery/securitymanager";
+declare namespace appconf="http://www.bbaw.de/telota/software/ediarum/web/appconf";
+
+(: The following external variables are set by the repo:deploy function :)
+
+(: file path pointing to the exist installation directory :)
+declare variable $home external;
+(: path to the directory containing the unpacked .xar package :)
+declare variable $dir external;
+(: the target collection into which the app is deployed :)
+declare variable $target external;
+
+sm:chmod(xs:anyURI($target||"/modules/api.xql"), "rwxr-sr-x"),
+sm:chmod(xs:anyURI($target||"/data/tuttle.xml"), "rw-r-----")

src/repo.xml

@@ -9,4 +9,5 @@
   <copyright>true</copyright>
   <type>application</type>
   <target>tuttle</target>
+  <finish>post-install.xql</finish>
 </meta>