feat: auto-generated per-repo webhook secrets with dashboard proxy
Some checks failed
CI / Format (push) Successful in 5s
CI / Clippy (push) Failing after 1m57s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
CI / Security Audit (push) Has been skipped
CI / Tests (push) Has been skipped
CI / Detect Changes (push) Has been skipped
CI / Deploy Agent (push) Has been skipped
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
CI / Format (pull_request) Successful in 8s
CI / Clippy (pull_request) Failing after 1m53s
CI / Security Audit (pull_request) Has been skipped
CI / Tests (pull_request) Has been skipped
- Auto-generate webhook_secret on repository creation (UUID-based)
- Webhook routes use per-repo URLs: /webhook/{platform}/{repo_id}
- Verify signatures using per-repo secret (not global env var)
- Dashboard proxies webhooks to agent (agent not exposed publicly)
- Edit modal shows webhook URL + secret for user to copy into Gitea
- Add webhook-config API endpoint to retrieve per-repo secret
- Add Gitea option to edit dialog tracker type dropdown
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -14,7 +14,6 @@ pub struct AgentConfig {
pub gitlab_url: Option<String>,
pub gitlab_token: Option<SecretString>,
pub gitlab_webhook_secret: Option<SecretString>,
pub gitea_webhook_secret: Option<SecretString>,
pub jira_url: Option<String>,
pub jira_email: Option<String>,
pub jira_api_token: Option<SecretString>,
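Review bot: A global platform webhook secret appears to remain in `AgentConfig` after this hunk: the header (`-14,7 +14,6`) removes only one line, yet both `gitlab_webhook_secret` and `gitea_webhook_secret` are listed here. The commit message says signatures are verified with the per-repo secret rather than a global env var, so either drop the remaining global field as well or document which platform still reads it and when it is consulted, so that a leftover global secret is never accepted as a fallback for a request the per-repo secret would reject.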
@@ -25,6 +25,9 @@ pub struct TrackedRepository {
pub scan_schedule: Option<String>,
#[serde(default)]
pub webhook_enabled: bool,
/// Auto-generated HMAC secret for verifying incoming webhooks
#[serde(default, skip_serializing_if = "Option::is_none")]
pub webhook_secret: Option<String>,
pub tracker_type: Option<TrackerType>,
pub tracker_owner: Option<String>,
pub tracker_repo: Option<String>,
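Review bot: `webhook_secret` is typed `Option<String>` on the `pub webhook_secret` line, while the secrets in `AgentConfig` use `SecretString`. With `skip_serializing_if = "Option::is_none"` the field is serialized whenever it is set, so every handler that returns a `TrackedRepository`, and any debug output of the struct if it derives `Debug`, will carry the HMAC secret. Suggest `Option<SecretString>`, or skipping the field on serialization in the general model and returning it only from the dedicated webhook-config endpoint through a separate response type.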
@@ -72,6 +75,8 @@ where
impl TrackedRepository {
pub fn new(name: String, git_url: String) -> Self {
let now = Utc::now();
// Generate a random webhook secret (hex-encoded UUID v4, no dashes)
let webhook_secret = uuid::Uuid::new_v4().to_string().replace('-', "");
Self {
id: None,
name,
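Review bot: The secret on the `uuid::Uuid::new_v4()` line is a UUID, which is an identifier format rather than key material: 6 of its 128 bits are fixed version and variant bits, so the 32 hex characters carry 122 random bits, and their quality depends on how the `uuid` crate is configured to source randomness. Suggest filling 32 bytes from the OS CSPRNG and hex-encoding them, and rewording the comment to state the intended entropy instead of "hex-encoded UUID v4". Since `new()` now mints a credential as a side effect, that also deserves a doc comment on the constructor.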
@@ -82,6 +87,7 @@ impl TrackedRepository {
auth_token: None,
auth_username: None,
webhook_enabled: false,
webhook_secret: Some(webhook_secret),
tracker_type: None,
tracker_owner: None,
tracker_repo: None,
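Review bot: `webhook_secret: Some(webhook_secret)` is set only in `new()`, so repositories stored before this change will deserialize with `None` through `#[serde(default)]`. The verification path is not in the visible lines; it should reject a webhook for a repository whose secret is `None` rather than skip the signature check, and existing records need a backfill or a way to generate a secret from the edit dialog. The secret is also minted while `webhook_enabled` is `false`; generating it when webhooks are first enabled would avoid storing credentials for repositories that never use them.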