Initial commit

Author: jloh

.gitignore

@@ -0,0 +1,29 @@
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+.requirements/
+__pycache__/
+
+# Serverless directories
+.serverless
+
+# Node files
+node_modules/
+
+# Project specific
+# Don't commit config.yaml
+config.yaml

LICENCE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 James Loh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,87 @@
+# Serverless Webhooks
+
+[![license](https://img.shields.io/github/license/jloh/dotfiles.svg)]() [![serverless](https://img.shields.io/badge/language-python-brightgreen.svg)]() [![serverless](https://img.shields.io/badge/serverless-1.22.0+-green.svg)]()
+
+Serverless Webhooks is a small python project that digests webhooks from services that don't easily support push notifications and turns them into Pushbullet pushes. Depending on the number of events this project should fit under the free tier on AWS.
+
+At this stage it supports GitHub, Discourse and Mailerlite webhooks inbound and only Pushbullet for notifications. Eventually I would like to move the Pushbullet code out to be more portable and support other platforms.
+
+## Setup
+
+### Enncrypted Variables
+
+This project uses [AWS SSM](https://serverless.com/framework/docs/providers/aws/guide/variables/#reference-variables-using-the-ssm-parameter-store) environment variables to store secret tokens. A below example shows how to store them using the AWS CLI tools:
+
+```
+aws ssm put-parameter --name /hooks/pushbullet_api_key --value <secure token in here> --type SecureString
+```
+
+### Requirments
+
+Install `serverless` and `serverless-python-requirements`:
+
+```
+npm install -g serverless
+sls plugin install serverless-python-requirements
+```
+
+Install python requirements  
+**Note:** Its highly suggested you install the python requirments inside a virtualenv!
+
+```
+pip install -r requirements.txt
+```
+
+Now login to [Pushbullet](https://www.pushbullet.com/#settings) and generate an access token. This access token should be store as a [SSM variable](#requirments) under `/hooks/pushbullet_api_key`.
+
+Now deploy your Serverless gateway:
+
+```
+sls deploy
+```
+
+### Endpoints
+
+#### GitHub
+
+1. Generate a [secret token](https://developer.github.com/webhooks/securing/)  
+  You could use `ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'`
+1. Add your secret to [AWS SSM](#enncrypted-variables) under `/hooks/github_secret` eg:
+    ```
+    aws ssm put-parameter --name /hooks/github_secret --value a3f7b3d530ab15e2f07df0324f8255cfcade49cd --type SecureString
+    ```
+1. Confirm your gateway that serverless created above (check it via `sls info`)
+1. Go to your repository settings -> [Webhooks](https://developer.github.com/webhooks/).
+1. Add a new webhook:
+   * Payload URL -> Your serverless POST endpoint for GitHub
+   * Content Type -> `application/json`
+   * Secret -> The secret you generated above
+   * Events -> The events configured in `config.yaml`
+1. Click add *Add Webhook*!
+
+If you've done everything above correctly you should recieve a Ping event from GitHub via Pushbullet.
+
+#### Discourse
+
+1. Generate a secret to sign the payloads with
+   You could use `ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'`
+1. Add your secret to [AWS SSM](#enncrypted-variables) under `/hooks/discourse_secret` eg:
+    ```
+    aws ssm put-parameter --name /hooks/discourse_secret --value a3f7b3d530ab15e2f07df0324f8255cfcade49cd --type SecureString
+    ```
+1. Confirm your gateway that serverless created above (check it via `sls info`)
+1. Go to the [Discourse Admin interface](https://meta.discourse.org/t/49045) -> API -> Webhooks -> New Webhook
+1. Enter your settings into Discourse:
+   * Payload URL for the Discourse endpoint (`/v1/discourse`)
+   * Content-Type -> `application/json`
+   * Secret -> the one you generated above
+
+If you've done everything above correctly try and send a ping event to your Discourse endpoint!
+
+#### Mailerlite
+
+Doco coming!
+
+---
+
+**Licence:** MIT

example.config.yaml

@@ -0,0 +1,110 @@
+---
+github:
+    events:
+        ping:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: ping"
+                body:  "Ping event for repo {repository[full_name]}"
+                link:  "{repository[html_url]}"
+                always: true
+        commit_comment:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} commented on {comment[commit_id]!s:.8}"
+                body:  "{body}"
+                link:  "{comment[html_url]}"
+        create:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: new {ref_type} created by {sender[login]}"
+                body:  "{ref_type}: {ref}"
+                link:  "{repository[html_url]}"
+        delete:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {ref_type} deleted by {sender[login]}"
+                body:  "{ref_type}: {ref}"
+                link:  "{repository[html_url]}"
+        fork:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} just forked your repo!"
+                body:  "Forked repo at {forkee[full_name]}"
+                link:  "{forkee[html_url]}"
+        issues:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {action} issue #{issue[number]!s}"
+                body:  "{issue[body]}"
+                link:  "{issue[html_url]}"
+        issue_comment:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {action} a comment on issue #{issue[number]!s}"
+                body:  "{comment[body]}"
+                link:  "{comment[html_url]}"
+        member:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {member[login]} has been {action} "
+                body:  "Member was {action} by {sender[login]}"
+                link:  "{repository[html_url]}/settings/collaboration"
+                always: true
+        page_build:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {build[status]} a new pages version"
+                body:  "{build[error][message]}"
+                link:  "{build[url]}"
+                always: true
+        pull_request:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {action} PR #{number!s}"
+                body:  "{pull_request[body]}"
+                link:  "{pull_request[html_url]}"
+        pull_request_review:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {action} a review on PR #{pull_request[number]!s}"
+                body:  "{review[body]}"
+                link:  "{review[html_url]}"
+        pull_request_review_comment:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} {action} a comment on PR #{pull_request[number]!s}"
+                body:  "{comment[body]}"
+                link:  "{comment[html_url]}"
+        push:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: new commit"
+                body:  "New commit ({head_commit[id]!s:.8}) by {pusher[name]}"
+                link:  "{compare}"
+        watch:
+            pushbullet:
+                title: "[GitHub] {repository[full_name]}: {sender[login]} just stared your repository!"
+                body:  "You now have {repository[stargazers_count]!s} stars"
+                link:  "{sender[html_url]}"
+    # List of users to ignore
+    ignore:
+            - 'dummy-user'
+
+discourse:
+    events:
+        ping:
+            pushbullet:
+                title: "[Discourse] ping"
+                body:  "pong!"
+                link:  "https://meta.discourse.org"
+        post_created:
+            pushbullet:
+                title: "[Discourse] New post by {post[username]}"
+                body:  "Post topic: {post[topic_slug]}"
+                link:  "https://meta.discourse.org/t/{post[topic_slug]}/{post[topic_id]}/{post[post_number]}/"
+        topic_created:
+            pushbullet:
+                title: "[Discourse] New topic created: {topic[title]}"
+                body:  "Topic created by {topic[details][created_by][username]}"
+                link:  "https://meta.discourse.org/t/{topic[slug]}/{topic[id]}/"
+        user_created:
+            pushbullet:
+                title: "[Discourse] New user created: {user[username]}"
+                body:  "Name: {user[name]}\n"
+                link:  "https://meta.discourse.org/u/{user[username]}"
+
+updown_events:
+    check.down:
+        title: "[updown] {check[alias]} ({check[url]}) is failing"
+        body:  "Since: {downtime[started_at]}\nError: {check[error]}\nLast check: {check[last_check_at]}\nNext check: {check[next_check_at]}"
+    check.up:
+        title: "[updown] {check[alias]} ({check[url]}) is passing"
+        body:  "Since: {downtime[ended_at]}\nDuration: {downtime[duration]}\nLast status: {check[last_status]}"

requirements.txt

@@ -0,0 +1,10 @@
+certifi==2017.4.17
+chardet==3.0.4
+idna==2.5
+pushbullet.py==0.11.0
+python-magic==0.4.13
+PyYAML==3.12
+requests==2.18.1
+six==1.10.0
+urllib3==1.21.1
+websocket-client==0.44.0

serverless.yml

@@ -0,0 +1,42 @@
+service: serverless-webhooks
+
+provider:
+  name: aws
+  runtime: python3.6
+  # Global environment vars
+  environment:
+    pushbullet_api_key: '${ssm:/hooks/pushbullet_api_key~true}'
+
+plugins:
+  - serverless-python-requirements
+
+package:
+  exclude:
+    # Exclude python env
+    - env/**
+
+functions:
+  discourse:
+    handler: webhooks/discourse.handler
+    events:
+      - http:
+          path: v1/discourse
+          method: post
+    environment:
+      discourse_secret: '${ssm:/hooks/discourse_secret~true}'
+  github:
+    handler: webhooks/github.handler
+    events:
+      - http:
+          path: v1/github
+          method: post
+    environment:
+      github_secret: '${ssm:/hooks/github_secret~true}'
+  mailerlite:
+    handler: webhooks/mailerlite.handler
+    events:
+      - http:
+          path: v1/mailerlite
+          method: post
+    environment:
+      mailerlite_secret: '${ssm:/hooks/mailerlite_secret~true}'

util/__init__.py

@@ -0,0 +1,29 @@
+import hmac
+import hashlib
+from hashlib import sha1, sha256
+from sys import hexversion
+
+# Verifys Signatures against digest/messages
+def verify_signature(secret, message, signature, digest):
+
+    # TODO: redo this shitty code
+    if digest == 'sha1':
+        digest = sha1
+    elif digest == 'sha256':
+        digest = sha256
+
+    # Turn out AWS body into bytes
+    message_string = str(message)
+    message_bytes  = message_string.encode()
+
+    # Our secret is already a string but we need to turn it into bytes
+    secret_bytes   = secret.encode()
+
+    # Create MAC
+    mac = hmac.new(secret_bytes, msg=message_bytes, digestmod=digest)
+
+    # Compare our signature against our message
+    if hmac.compare_digest(str(mac.hexdigest()), str(signature)):
+        return True
+    else:
+        return False

util/funcs.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Gets our config from yaml and returns it!
+
+import argparse, yaml
+
+def parse_args():
+    parser = argparse.ArgumentParser(description='Python Serverless Webhook server.')
+    parser.add_argument('-c', '--config', type=argparse.FileType('r'), default='config.yaml',
+            help='config file to load settings from')
+    args, unknown = parser.parse_known_args()
+
+    return args
+
+def load_config(config_file):
+    print('Loading config file {}'.format(config_file.name))
+    try:
+        config = yaml.load(config_file)
+    except yaml.YAMLError as e:
+        exc_type, exc_obj, exc_tb = sys.exc_info()
+        print('Error loading YAML {} on line {}'.format(e, exc_tb.tb_lineno))
+
+    return config
+
+def return_config():
+    """
+    Gets our config from YAML and returns it
+    """
+
+    args   = parse_args()
+    config = load_config(args.config)
+
+    return(config)
+
+if __name__ == "__main__":
+    return_config()