Rename ZULIP_TOKEN env var to ZULIP_WEBHOOK_SECRET #1991

Open
wants to merge 1 commit into
base: master
2 changes: 1 addition & 1 deletion .env.sample
Expand Up @@ -20,7 +20,7 @@ GITHUB_WEBHOOK_SECRET=MUST_BE_CONFIGURED
# ZULIP_API_TOKEN=yyy

# Authenticates inbound webhooks from Github
# ZULIP_TOKEN=xxx
# ZULIP_WEBHOOK_SECRET=xxx

# Use another endpoint to retrieve teams of the Rust project (useful for local testing)
# default: https://team-api.infra.rust-lang.org/v1
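Review bot: The comment directly above the renamed variable still reads "Authenticates inbound webhooks from Github", but this secret is the one compared against the `token` field of Zulip webhook requests in src/zulip.rs. Since the line below it is being changed anyway, reword the comment to say Zulip, and consider noting here that `ZULIP_TOKEN` is still read as a fallback so existing .env files keep working.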
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -107,7 +107,7 @@ curl http://localhost:8000/zulip-hook \
-H "Content-Type: application/json" \
-d '{
"data": "<CMD>",
"token": "<ZULIP_TOKEN>",
"token": "<ZULIP_WEBHOOK_SECRET>",
"message": {
"sender_id": <YOUR_ID>,
"recipient_id": <YOUR_ID>,
Expand All @@ -121,7 +121,7 @@ curl http://localhost:8000/zulip-hook \
Where:
- `CMD` is the exact command you would issue @triagebot on Zulip (ex. open a direct chat with the
bot and send "work show")
- `ZULIP_TOKEN`: can be anything. Must correspond to the env var `$ZULIP_TOKEN` on your workstation
- `ZULIP_WEBHOOK_SECRET`: can be anything. Must correspond to the env var `$ZULIP_WEBHOOK_SECRET` on your workstation
- `YOUR_ID`: your GitHub user ID. Must be existing in your local triagebot database (table `users` and as
foreign key also in `review_prefs`)

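Review bot: The `ZULIP_WEBHOOK_SECRET` bullet drops every mention of `ZULIP_TOKEN`, while src/zulip.rs still accepts it as a fallback. A short line saying that `ZULIP_TOKEN` is still honoured but will be deprecated, and that `ZULIP_WEBHOOK_SECRET` takes precedence when both are set, would spare a confusing "Invalid authorization." for anyone whose workstation has both variables set to different values.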
21 changes: 19 additions & 2 deletions src/zulip.rs
Expand Up @@ -125,12 +125,29 @@ pub async fn respond(ctx: &Context, req: Request) -> String {
serde_json::to_string(&Response { content }).unwrap()
}

pub fn get_token_from_env() -> Result<String, anyhow::Error> {
// ZULIP_WEBHOOK_SECRET is preferred, ZULIP_TOKEN is kept for retrocompatibility but will be deprecated
match std::env::var("ZULIP_WEBHOOK_SECRET") {
Ok(v) => return Ok(v),
Err(_) => (),
}

match std::env::var("ZULIP_TOKEN") {
Ok(v) => return Ok(v),
Err(_) => (),
}

log::error!(
"Cannot communicate with Zulip: neither ZULIP_WEBHOOK_SECRET or ZULIP_TOKEN are set."
);
anyhow::bail!("Cannot communicate with Zulip.");
}

/// Processes a Zulip webhook.
///
/// Returns a string of the response, or None if no response is needed.
async fn process_zulip_request(ctx: &Context, req: Request) -> anyhow::Result<Option<String>> {
let expected_token = std::env::var("ZULIP_TOKEN").expect("`ZULIP_TOKEN` set for authorization");

let expected_token = get_token_from_env()?;
if !bool::from(req.token.as_bytes().ct_eq(expected_token.as_bytes())) {
anyhow::bail!("Invalid authorization.");
}
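Review bot: In `get_token_from_env`, a variable that is set but empty is accepted as the secret: `std::env::var` returns `Ok` with an empty string in that case, so an empty `ZULIP_WEBHOOK_SECRET` both shadows a valid `ZULIP_TOKEN` and makes the `ct_eq` check in `process_zulip_request` pass for a request whose `token` is the empty string. Treat empty values as unset, for example `std::env::var("ZULIP_WEBHOOK_SECRET").ok().filter(|v| !v.is_empty())`, and fall through to the error otherwise. Smaller points: the two `match` blocks with `Err(_) => ()` read more simply as `if let Ok(v) = ...`, the fallback to `ZULIP_TOKEN` could log a deprecation warning so operators know to migrate, and the log message should read "neither ... nor ... is set".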