Merge pull request #37 from greenkeeperio/feat/nexus

janl · web-flow · commit 4a912fdef308 · 2018-09-04T11:42:57.000+02:00
Sonatype Nexus Follower
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@ node_modules/
 .env
 .nyc_output/
 *.log
+.DS_Store
diff --git a/index.js b/index.js
@@ -11,7 +11,12 @@ require('./lib/rollbar')
     prefix: 'hooks.',
     globalTags: [env.NODE_ENV]
   })
-  const server = new hapi.Server()
+  const server = new hapi.Server({
+    debug: {
+      log: ['error', 'requested'],
+      request: ['error', 'requested', 'request']
+    }
+  })
   const conn = await amqp.connect(env.AMQP_URL)
   const channel = await conn.createChannel()
   await channel.assertQueue(env.QUEUE_NAME, {
@@ -85,11 +90,21 @@ require('./lib/rollbar')
     }
   }])
 
+  if (env.IS_ENTERPRISE) {
+    await server.register({
+      register: require('./lib/nexus-event'),
+      options: {
+        env,
+        channel
+      }
+    })
+  }
+
   server.on('response', (request, reply) => {
     statsdClient.increment(`status_code.${request.response.statusCode}`)
     statsdClient.timing('response_time', Date.now() - request.info.received)
   })
 
   await server.start()
-  console.log('server running')
+  console.log('server running', server.info.uri)
 })()
diff --git a/lib/env.js b/lib/env.js
@@ -2,7 +2,7 @@ const envalid = require('envalid')
 const {str, num, url, bool} = envalid
 
 module.exports = envalid.cleanEnv(process.env, {
-  PORT: num({default: 8000}),
+  PORT: num({default: 5000}),
   WEBHOOKS_SECRET: str({devDefault: 'YOLO'}),
   NPMHOOKS_SECRET: str({devDefault: 'SWAG'}),
   QUEUE_NAME: str({default: 'events'}),
@@ -11,5 +11,9 @@ module.exports = envalid.cleanEnv(process.env, {
   ROLLBAR_TOKEN_HOOKS: str({devDefault: ''}),
   STATSD_HOST: str({default: '172.17.0.1'}),
   BEARER_TOKEN: str({devDefault: 'PIZZA'}),
-  IS_ENTERPRISE: bool({default: false})
+  IS_ENTERPRISE: bool({default: false}),
+  NEXUS_SECRET: str({devDefault: 'test'}),
+  NEXUS_URL: str({devDefault: 'http://127.0.0.1:8081/repository'}),
+  NEXUS_REPOSITORY: str({devDefault: 'my-npm'}),
+  NEXUS_INSTALLATION: str({devDefault: '1'})
 })
diff --git a/lib/nexus-event.js b/lib/nexus-event.js
@@ -0,0 +1,102 @@
+const crypto = require('crypto')
+
+const fetch = require('node-fetch')
+const _ = require('lodash')
+
+const rollbar = require('./rollbar')
+
+module.exports = nexusEvent
+module.exports.attributes = {
+  name: 'nexus'
+}
+
+function nexusEvent (server, {env, channel}, next) {
+  server.route({
+    method: 'POST',
+    path: '/nexus/',
+    handler,
+    config: {
+      payload: {
+        output: 'data',
+        parse: false,
+        maxBytes: 1024 * 1024 * 25 // = 25 MB
+      }
+    }
+  })
+
+  async function handler (request, reply) {
+    const nexusSecret = env.NEXUS_SECRET
+    const nexusUrl = env.NEXUS_URL
+    const nexusRepository = env.NEXUS_REPOSITORY
+    const nexusInstallation = env.NEXUS_INSTALLATION
+
+    if (!nexusSecret || !nexusUrl || !nexusRepository || !nexusInstallation) {
+      return reply({ok: false}).code(503) // Service Unavailable
+    }
+
+    const payload = request.payload.toString()
+    const signature = request.headers['x-nexus-webhook-signature']
+
+    var hmacDigest = crypto.createHmac('sha1', nexusSecret)
+      .update(payload)
+      .digest('hex')
+
+    if (signature !== hmacDigest) {
+      return reply({ok: false}).code(403)
+    }
+
+    let update
+    try {
+      update = JSON.parse(payload)
+      // we can only parse out the version on here
+      if (update.action !== 'CREATED') {
+        return reply({ok: true}).code(200)
+      }
+    } catch (e) {
+      console.log(e)
+      return reply({error: true}).code(401)
+    }
+
+    const name = update.asset.name.split('/-/')[0]
+    // const version = update.asset.name.match(/-(\d+\.\d+\.\d+.*)\.tgz/)[1]
+
+    const docUrl = `${nexusUrl}/${nexusRepository}/${name}`
+
+    let doc
+    try {
+      doc = await (await fetch(docUrl)).json()
+    } catch (e) {
+      console.log('doc fetch error', e)
+      throw (e)
+    }
+
+    const versions = _.mapValues(doc.versions, v => _.pick(v, ['gitHead', 'repository']))
+
+    const job = {
+      name: 'registry-change',
+      dependency: name,
+      installation: nexusInstallation,
+      distTags: doc['dist-tags'],
+      versions: versions,
+      registry: nexusUrl
+    }
+
+    try {
+      await channel.sendToQueue(env.QUEUE_NAME, Buffer.from(JSON.stringify(job)), {priority: 1})
+    } catch (err) {
+      console.log('rollbar', err)
+      rollbar.error(err, _.assign({}, request.raw.req, {
+        socket: {
+          encrypted: request.server.info.protocol === 'https'
+        },
+        connection: {
+          remoteAddress: request.info.remoteAddress
+        }
+      }))
+      return reply({error: true}).code(501)
+    }
+
+    reply({ok: true}).code(202)
+  }
+  next()
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -15,6 +15,7 @@
     "rollbar": "^2.4.0"
   },
   "devDependencies": {
+    "nock": "^9.6.1",
     "standard": "^11.0.0",
     "tap": "^12.0.0"
   },
diff --git a/test/nexus-event.js b/test/nexus-event.js
