Replace the single global webhook secret with entity-scoped secrets stored
on each project and static site. Webhook-driven project autocreate is
removed — projects must exist before their URL can trigger deploys.
Also wires static-site webhooks (sync_trigger=push|tag), turning the
previously inert "push" trigger into a functional one: POST the site's
webhook URL from a Git provider and Tinyforge re-syncs on matching refs.
- Adds webhook_secret columns + unique indexes to projects and static_sites
- Per-entity GET/regenerate endpoints under /api/projects/{id}/webhook
and /api/sites/{id}/webhook (admin-only)
- Removes /api/settings/webhook-url and the global webhook panel
- Reusable WebhookPanel Svelte component on both detail pages, i18n in en/ru
- Tests for matcher (siteRefMatches, ParseImageRef) and handler (project
match/mismatch/404 and site push/manual/branch-skip)
This commit is contained in:
@@ -14,7 +14,6 @@ import (
|
||||
"github.com/alexei/tinyforge/internal/proxy"
|
||||
"github.com/alexei/tinyforge/internal/store"
|
||||
"github.com/alexei/tinyforge/internal/volume"
|
||||
"github.com/alexei/tinyforge/internal/webhook"
|
||||
)
|
||||
|
||||
// settingsRequest is the expected JSON body for updating settings.
|
||||
@@ -275,40 +274,6 @@ func (s *Server) updateSettings(w http.ResponseWriter, r *http.Request) {
|
||||
respondJSON(w, http.StatusOK, map[string]string{"status": "updated"})
|
||||
}
|
||||
|
||||
// getWebhookURL handles GET /api/settings/webhook-url.
|
||||
func (s *Server) getWebhookURL(w http.ResponseWriter, r *http.Request) {
|
||||
settings, err := s.store.GetSettings()
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "failed to get settings: "+err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
webhookPath := ""
|
||||
if settings.WebhookSecret != "" {
|
||||
webhookPath = "/api/webhook/" + settings.WebhookSecret
|
||||
}
|
||||
|
||||
respondJSON(w, http.StatusOK, map[string]string{
|
||||
"webhook_url": webhookPath,
|
||||
})
|
||||
}
|
||||
|
||||
// regenerateWebhookSecret handles POST /api/settings/regenerate.
|
||||
func (s *Server) regenerateWebhookSecret(w http.ResponseWriter, r *http.Request) {
|
||||
secret, err := webhook.RegenerateWebhookSecret(s.store)
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "failed to regenerate webhook secret: "+err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
webhookURL := "/api/webhook/" + secret
|
||||
|
||||
respondJSON(w, http.StatusOK, map[string]string{
|
||||
"webhook_url": webhookURL,
|
||||
"webhook_secret": secret,
|
||||
})
|
||||
}
|
||||
|
||||
// listNpmCertificates handles GET /api/settings/npm-certificates.
|
||||
// It authenticates to NPM using the stored credentials and returns only wildcard certificates.
|
||||
func (s *Server) listNpmCertificates(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
Reference in New Issue
Block a user