Use asym key to sign webhooks #916

Merged (26 commits) on Jun 1, 2022

anbraten (Member) commented May 14, 2022

closes #865

  • use public private key for http signing
  • generate global ed25519 key pair
  • save generated key pair to db and load on next restart
  • add endpoint for getting public key
  • add migration notice
  • update docs
  • update sample config service => will be done after merging this to not confuse users
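
Added example, not code from this PR or from Woodpecker: a standard-library Go illustration of the idea in the task list above, where the server signs each webhook with an Ed25519 private key and the receiver verifies it with only the public key. The signing-string layout, the function names and the freshness window are assumptions; the PR itself uses an httpsig library, whose wire format this does not reproduce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// signingString binds method, path, date and body digest together so none
// of them can be swapped without invalidating the signature (assumed layout).
func signingString(method, path, date string, body []byte) []byte {
	sum := sha256.Sum256(body)
	digest := "SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
	return []byte(fmt.Sprintf("(request-target): %s %s\ndate: %s\ndigest: %s", method, path, date, digest))
}

// SignWebhook is the sender side: only the server holds priv.
func SignWebhook(priv ed25519.PrivateKey, method, path, date string, body []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signingString(method, path, date, body)))
}

// VerifyWebhook is the receiver side: it needs only the public key.
func VerifyWebhook(pub ed25519.PublicKey, method, path, date string, body []byte, sigB64 string, now time.Time, maxSkew time.Duration) error {
	sent, err := time.Parse(time.RFC1123, date)
	if err != nil {
		return errors.New("bad date header")
	}
	if d := now.Sub(sent); d > maxSkew || d < -maxSkew {
		return errors.New("stale or future-dated request") // limits replay of captured requests
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || !ed25519.Verify(pub, signingString(method, path, date, body), sig) {
		return errors.New("signature mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for the demo
	now := time.Now().UTC()
	date := now.Format(time.RFC1123)
	body := []byte(`{"repo":"example/demo"}`) // constructed payload
	sig := SignWebhook(priv, "post", "/hook", date, body)
	fmt.Println("valid:", VerifyWebhook(pub, "post", "/hook", date, body, sig, now, time.Minute))
	fmt.Println("tampered:", VerifyWebhook(pub, "post", "/hook", date, []byte(`{"repo":"other/demo"}`), sig, now, time.Minute))
}
```

Unlike a shared HMAC secret, a receiver that holds only the public key can verify webhooks but cannot forge them.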

@anbraten changed the title from "use async key pair for webhooks" to "use async key to sign webhooks" on May 14, 2022
@anbraten changed the title from "use async key to sign webhooks" to "Use async key to sign webhooks" on May 14, 2022
woodpecker-bot (Collaborator) commented May 14, 2022

Deployment of preview was successful: https://woodpecker-ci-woodpecker-pr-916.surge.sh

codecov-commenter commented May 14, 2022

Codecov Report

Merging #916 (932edb1) into master (e172b66) will decrease coverage by 0.33%.
The diff coverage is 44.88%.

❗ Current head 932edb1 differs from pull request most recent head 8fc107b. Consider uploading reports for the commit 8fc107b to get more accurate results

@@            Coverage Diff             @@
##           master     #916      +/-   ##
==========================================
- Coverage   51.63%   51.29%   -0.34%     
==========================================
  Files          79       81       +2     
  Lines        6075     6158      +83     
==========================================
+ Hits         3137     3159      +22     
- Misses       2756     2815      +59     
- Partials      182      184       +2     
Impacted Files Coverage Δ
cmd/agent/agent.go 0.00% <0.00%> (ø)
server/grpc/rpc.go 0.00% <0.00%> (ø)
server/grpc/server.go 0.00% <ø> (ø)
server/queue/persistent.go 0.00% <0.00%> (ø)
server/queue/queue.go 63.26% <ø> (ø)
server/store/datastore/migration/migration.go 37.50% <ø> (ø)
server/plugins/utils/http.go 22.41% <22.41%> (ø)
server/store/datastore/server_config.go 69.23% <69.23%> (ø)
server/grpc/filter.go 100.00% <100.00%> (+13.63%) ⬆️
server/queue/fifo.go 83.13% <100.00%> (ø)
... and 4 more

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@anbraten added the labels "breaking" (will break existing installations if no manual action happens) and "enhancement" (improve existing features) on May 14, 2022
@anbraten anbraten mentioned this pull request May 14, 2022
@anbraten anbraten marked this pull request as draft May 17, 2022 16:10
@anbraten anbraten marked this pull request as ready for review May 17, 2022 20:20
@6543 6543 added this to the 1.0.0 milestone Jun 1, 2022
@6543 6543 enabled auto-merge (squash) June 1, 2022 13:29
@6543 changed the title from "Use async key to sign webhooks" to "Use asym key to sign webhooks" on Jun 1, 2022
@6543 6543 disabled auto-merge June 1, 2022 13:37
6543 (Member) commented Jun 1, 2022

Could you have a look at https://github.com/go-ap/httpsig, since the maintainer of the newly used lib does not have time to maintain it (one-man-show) ...

anbraten (Member, Author) commented Jun 1, 2022

So should I try to replace https://github.com/go-fed/httpsig with https://github.com/go-ap/httpsig?

anbraten (Member, Author) commented Jun 1, 2022

I adjusted the code to use https://github.com/go-ap/httpsig

@anbraten anbraten merged commit cc30db4 into woodpecker-ci:master Jun 1, 2022
@anbraten anbraten deleted the webhook-pubkey branch June 1, 2022 18:06
Successfully merging this pull request may close these issues.

Use rsa for http signing