feat: Gitea webhook with HMAC-SHA256 auth, agent label routing, auto-close issues
Made-with: Cursor
This commit is contained in:
27
dist/server.js
vendored
27
dist/server.js
vendored
@@ -40,6 +40,7 @@ const express_1 = __importDefault(require("express"));
|
||||
const cors_1 = __importDefault(require("cors"));
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
const crypto = __importStar(require("crypto"));
|
||||
const child_process_1 = require("child_process");
|
||||
const job_store_1 = require("./job-store");
|
||||
const agent_runner_1 = require("./agent-runner");
|
||||
@@ -157,19 +158,25 @@ app.get('/api/jobs', (req, res) => {
|
||||
const limit = parseInt(req.query.limit || '20', 10);
|
||||
res.json((0, job_store_1.listJobs)(limit));
|
||||
});
|
||||
// Gitea webhook endpoint — triggers agent from a push/issue event
|
||||
app.post('/webhook/gitea', (req, res) => {
|
||||
// Gitea webhook endpoint — triggers agent from an issue event
|
||||
// Must use raw body for HMAC verification — register before express.json()
|
||||
app.post('/webhook/gitea', express_1.default.raw({ type: 'application/json' }), (req, res) => {
|
||||
const event = req.headers['x-gitea-event'];
|
||||
const body = req.body;
|
||||
// Verify secret if configured
|
||||
const rawBody = req.body;
|
||||
// Verify HMAC-SHA256 signature
|
||||
const webhookSecret = process.env.WEBHOOK_SECRET;
|
||||
if (webhookSecret) {
|
||||
const sig = req.headers['x-gitea-signature'];
|
||||
if (!sig || sig !== webhookSecret) {
|
||||
const expected = crypto
|
||||
.createHmac('sha256', webhookSecret)
|
||||
.update(rawBody)
|
||||
.digest('hex');
|
||||
if (!sig || !crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
|
||||
res.status(401).json({ error: 'Invalid webhook signature' });
|
||||
return;
|
||||
}
|
||||
}
|
||||
const body = JSON.parse(rawBody.toString('utf8'));
|
||||
let task = null;
|
||||
let agentName = 'Coder';
|
||||
let repo;
|
||||
@@ -183,13 +190,17 @@ app.post('/webhook/gitea', (req, res) => {
|
||||
else if (labels.includes('agent:marketing')) {
|
||||
agentName = 'Marketing';
|
||||
}
|
||||
else {
|
||||
else if (labels.includes('agent:coder')) {
|
||||
agentName = 'Coder';
|
||||
}
|
||||
task = `Resolve this GitHub issue:\n\nTitle: ${issue.title}\n\nDescription:\n${issue.body || '(no description)'}`;
|
||||
else {
|
||||
// No agent label — ignore
|
||||
res.json({ ignored: true, reason: 'no agent label on issue' });
|
||||
return;
|
||||
}
|
||||
task = `You have been assigned to resolve a Gitea issue in the repo ${repo}.\n\nIssue #${issue.number}: ${issue.title}\n\nDescription:\n${issue.body || '(no description)'}\n\nWhen done, close the issue by calling gitea_close_issue.`;
|
||||
}
|
||||
else if (event === 'push') {
|
||||
// Optionally trigger on push — useful for CI-style automation
|
||||
res.json({ ignored: true, reason: 'push events not auto-processed' });
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user