backstage/plugins/events-backend-module-github
Patrick Jungermann 9816f510dc fix(events,github): fixes signature validation by using raw req body
Adds raw body information (body as buffer, encoding)
to `RequestDetails` to support more request validation
use cases.

Additionally, uses the raw body to retrieve the transmitted
JSON string unparsed/raw to correctly validate the signature.

Previously, we re-stringified the parsed JSON payload
which could lead to different JSON strings.
Those differences can lead to the rejection of requests
due to a mismatch in expected signature.

Fixes: #26709
Relates-to: PR #26884
Co-authored-by: Christopher Diaz <cdiaz@rvohealth.com>
Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
2024-10-24 17:19:12 +02:00

events-backend-module-github

Welcome to the events-backend-module-github backend module!

This package is a module for the events-backend backend plugin and extends the event system with a GithubEventRouter.

The event router will subscribe to the topic github and route the events to more concrete topics based on the value of the provided x-github-event metadata field.

Examples:

| x-github-event | topic |
| --- | --- |
| pull_request | github.pull_request |
| push | github.push |
| repository | github.repository |

Please find all possible webhook event types in the official documentation.

Installation

# From your Backstage root directory
yarn --cwd packages/backend add @backstage/plugin-events-backend-module-github

Event Router

// packages/backend/src/index.ts
import { eventsModuleGithubEventRouter } from '@backstage/plugin-events-backend-module-github/alpha';
// ...
backend.add(eventsModuleGithubEventRouter);

Legacy Backend System

// packages/backend/src/plugins/events.ts
const eventRouter = new GithubEventRouter({ events: env.events });
await eventRouter.subscribe();

Signature Validator

// packages/backend/src/index.ts
import { eventsModuleGithubWebhook } from '@backstage/plugin-events-backend-module-github/alpha';
// ...
backend.add(eventsModuleGithubWebhook);

Legacy Backend System

Add the signature validator for the topic github:

// packages/backend/src/plugins/events.ts
+ import { createGithubSignatureValidator } from '@backstage/plugin-events-backend-module-github';
  // [...]
    const http = HttpPostIngressEventPublisher.fromConfig({
      config: env.config,
      events: env.events,
      ingresses: {
+       github: {
+         validator: createGithubSignatureValidator(env.config),
+       },
     },
     logger: env.logger,
  });

Configuration

events:
  modules:
    github:
      webhookSecret: your-secret-token

Configuration at GitHub: https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks
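
Why the signature has to be checked against the raw request body, as an added example that is not this module's own code: GitHub's documented scheme sends `sha256=` plus the hex HMAC-SHA256 of the body bytes in the `X-Hub-Signature-256` header, so any re-serialization of the parsed JSON changes the bytes being authenticated. The function names and the sample payload are constructed for illustration.

```javascript
// Added example, not Backstage code. Helper names are hypothetical.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample values: the placeholder secret from the config above
// and a body as it could arrive on the wire (spaces, a \u escape, "1.0").
const SECRET = 'your-secret-token';
const RAW_BODY = Buffer.from(
  '{"action": "opened", "title": "caf\\u00e9", "number": 1.0}',
  'utf8',
);

// Header value the sender computes over the exact bytes it transmits.
function sign(secret, bytes) {
  return 'sha256=' + createHmac('sha256', secret).update(bytes).digest('hex');
}

// Constant-time comparison; a missing or wrong-length header is rejected
// before timingSafeEqual, which throws on buffers of unequal length.
function verify(secret, bytes, header) {
  const expected = Buffer.from(sign(secret, bytes));
  const received = Buffer.from(String(header ?? ''));
  return expected.length === received.length && timingSafeEqual(expected, received);
}

// What a handler sees if it only keeps the parsed object and stringifies it.
function reserialize(bytes) {
  return Buffer.from(JSON.stringify(JSON.parse(bytes.toString('utf8'))), 'utf8');
}

const SIGNATURE = sign(SECRET, RAW_BODY);

// Correct: authenticate the bytes that were actually received.
function checkRaw() {
  return verify(SECRET, RAW_BODY, SIGNATURE);
}

// Broken: whitespace, escapes and number formatting no longer match,
// so a legitimate delivery is rejected.
function checkRestringified() {
  return verify(SECRET, reserialize(RAW_BODY), SIGNATURE);
}

console.log('raw body valid:         ', checkRaw());
console.log('re-stringified valid:   ', checkRestringified());
console.log('re-stringified payload: ', reserialize(RAW_BODY).toString('utf8'));
```

A validator that only has access to the parsed payload cannot be made reliable; the body buffer has to be captured before any JSON middleware consumes it.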