Bump the development-dependencies group across 1 directory with 2 updates (#183)

dependabot[bot] · aatuny · ammsalme · web-flow · commit 258a311ee9ca · 2025-06-27T11:44:09.000+03:00
* Feature url webhook handler (#155) * Bump @natlibfi/melinda-backend-commons (#143) Bumps the production-dependencies group with 1 update: [@natlibfi/melinda-backend-commons](https://github.com/natlibfi/melinda-backend-commons-js). Updates `@natlibfi/melinda-backend-commons` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/natlibfi/melinda-backend-commons-js/releases) - [Commits](NatLibFi/melinda-backend-commons-js@v2.3.1...v2.3.2) --- updated-dependencies: - dependency-name: "@natlibfi/melinda-backend-commons" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update deps * 1.0.5-alpha.5 * init url route * init url route * fix-lint * merge routes * moar logs * moar logs * moar logs * less logs * less logs * move ip whitelist to route * move ip whitelist to route * Add newest package-lock --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Minttu Hurme <ammsalme@users.noreply.github.com> Co-authored-by: natlibfi-jonollil <53558796+natlibfi-jonollil@users.noreply.github.com> * Bump the development-dependencies group across 1 directory with 2 updates Bumps the development-dependencies group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [@natlibfi/eslint-config-melinda-backend](https://github.com/natlibfi/eslint-config-melinda-backend). Updates `@babel/core` from 7.27.4 to 7.27.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.7/packages/babel-core) Updates `@natlibfi/eslint-config-melinda-backend` from 3.0.5 to 3.0.6 - [Release notes](https://github.com/natlibfi/eslint-config-melinda-backend/releases) - [Commits](NatLibFi/eslint-config-melinda-backend@v3.0.5...v3.0.6) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.27.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@natlibfi/eslint-config-melinda-backend" dependency-version: 3.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Aatu Nykänen <27770287+aatuny@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Minttu Hurme <ammsalme@users.noreply.github.com> Co-authored-by: natlibfi-jonollil <53558796+natlibfi-jonollil@users.noreply.github.com>
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/app.js b/src/app.js
@@ -9,7 +9,7 @@ import createWebhookRoute from './routes/webhookRoute';
 
 
 export default async function ({
-  httpPort, githubMetaUrl, openshiftWebhookUrl, ipWhiteList
+  httpPort, githubMetaUrl, openshiftWebhookUrl, ipWhiteList, urlWhiteList
 }) {
   const logger = createLogger();
   const server = await initExpress();
@@ -29,8 +29,7 @@ export default async function ({
     const app = express();
     app.set('trust proxy', true);
     app.use(createExpressLogger());
-    app.use(whiteListMiddleware);
-    app.use('/webhooks', createWebhookRoute(openshiftWebhookUrl));
+    app.use('/webhooks', createWebhookRoute(whiteListMiddleware, openshiftWebhookUrl, urlWhiteList));
 
     app.use(handleError);
 
diff --git a/src/config.js b/src/config.js
@@ -5,3 +5,4 @@ export const httpPort = readEnvironmentVariable('HTTP_PORT', {defaultValue: '808
 export const githubMetaUrl = readEnvironmentVariable('GITHUB_META_URL', {defaultValue: 'https://api.github.com/meta'});
 export const openshiftWebhookUrl = readEnvironmentVariable('OPENSHIFT_WEBHOOK_URL');
 export const ipWhiteList = readEnvironmentVariable('IP_WHITELIST', {defaultValue: [], format: v => JSON.parse(v)});
+export const urlWhiteList = readEnvironmentVariable('URL_WHITELIST', {defaultValue: [], format: v => JSON.parse(v)});
diff --git a/src/routes/webhookRoute.js b/src/routes/webhookRoute.js
@@ -4,20 +4,26 @@ import fetch from 'node-fetch';
 import httpStatus from 'http-status';
 import bodyParser from 'body-parser';
 
-export default function (openshiftWebhookUrl) { // eslint-disable-line no-unused-vars
+export default function (whiteListMiddleware, openshiftWebhookUrl, urlWhiteList) { // eslint-disable-line no-unused-vars
   const logger = createLogger();
 
   return new Router()
-    .post('/:project/:buildConfig/:id', bodyParser.json(), handleHook)
-    .post('/namespaces/:project/buildconfigs/:buildConfig/webhooks/:id/generic', bodyParser.json(), handleHook)
-    .post('/apis/build.openshift.io/v1/namespaces/:project/buildconfigs/:buildConfig/webhooks/:id/generic', bodyParser.json(), handleHook)
+    .post('/:project/:buildConfig/:id', whiteListMiddleware, bodyParser.json(), handleHook)
+    .post('/namespaces/:project/buildconfigs/:buildConfig/webhooks/:id/generic', whiteListMiddleware, bodyParser.json(), handleHook)
+    .post('/apis/build.openshift.io/v1/namespaces/:project/buildconfigs/:buildConfig/webhooks/:id/generic', whiteListMiddleware, bodyParser.json(), handleHook)
+    .post('/url', bodyParser.json(), handleUrlHook)
     .use(handleError);
 
   function handleHook(req, res) {
     logger.debug('webhookRoute/handleHook');
     const {project, buildConfig, id} = req.params;
     const data = req.body;
-    logger.debug('data: ', data);
+
+    if ('repository' in data && 'branch' in data) { // eslint-disable-line functional/no-conditional-statements
+      logger.debug('Repository: ', data.repository);
+      logger.debug('Branch: ', data.branch);
+    }
+
     const triggerUrl = `${openshiftWebhookUrl}/${project}/buildconfigs/${buildConfig}/webhooks/${id}/generic`;
     fetch(
       triggerUrl,
@@ -32,6 +38,28 @@ export default function (openshiftWebhookUrl) { // eslint-disable-line no-unused
     res.status(httpStatus.OK).json({status: 200});
   }
 
+  function handleUrlHook(req, res) {
+    const {triggerUrl} = req.query;
+
+    if (!urlWhiteList.some(urlRegexp => new RegExp(urlRegexp, 'u').test(triggerUrl))) {
+      return res.status(httpStatus.FORBIDDEN).json({status: 403});
+    }
+
+    const data = req.body;
+
+    fetch(
+      triggerUrl,
+      {
+        method: 'post',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(data)
+      }
+    );
+    res.status(httpStatus.OK).json({status: 200});
+  }
+
   function handleError(err, req, res, next) {
     logger.debug('webhookRoute/handleError');
     logger.error('Error: ', err);
