Add first version

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = true

.gitignore

@@ -0,0 +1,175 @@
+### Python https://github.com/github/gitignore 8e67b9420cb6796e5eeca72682babdb06627ec8c
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+### VisualStudioCode https://github.com/github/gitignore bf3f140cfabe05651c4338ad6e2ca173299f93df
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+	"recommendations": [
+		"EditorConfig.EditorConfig"
+	]
+}

LICENSE.txt

@@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright © 2023 Benjamin Stadlbauer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,14 @@
+# Forgejo Webhook WSGI app
+
+A WSGI-based application to handle webhooks specifically written for Forgejo platforms.
+
+## Running this WSGI app
+
+To run the webhook app you must set the `WEBHOOK_KEY` environmental variable with the secret you have entered in the webhook setting in Forgejo. Then simply run the app with e.g.,
+```
+$ gunicorn app:app
+```
+
+---
+
+Copyright © 2023 Benjamin Stadlbauer

app.py

@@ -0,0 +1,67 @@
+"""
+A WSGI-based application to handle webhooks specifically written for Forgejo platforms.
+Copyright © 2023 Benjamin Stadlbauer
+"""
+
+import json
+import hashlib
+import hmac
+from backend import handle_data
+from settings import *
+
+def app(environ, start_response):
+	try:
+		data: dict = get_data(environ.copy())
+	except Exception as e:
+		start_response('400', [
+			('Content-Type', 'text/plain')
+		])
+		return iter([str(e).encode()])
+
+	try:
+		logging: str = handle_data(data)
+	except Exception as e:
+		start_response('500', [
+			('Content-Type', 'text/plain')
+		])
+		return iter([str(e).encode()])
+
+	start_response('200 OK', [
+		('Content-Type', 'text/plain')
+	])
+
+	return iter([logging.encode()])
+
+def get_data(environ):
+	if environ['REQUEST_METHOD'] == 'POST':
+		if 'application/json' != environ.get('CONTENT_TYPE'):
+			raise Exception('Error: Content-Type is not application/json: ' + environ.get('CONTENT_TYPE'))
+
+		try:
+			request_body_size = int(environ.get('CONTENT_LENGTH', 0))
+		except (ValueError):
+			request_body_size = 0
+
+		if 0 == request_body_size:
+			raise Exception('Error: Content-Length is 0')
+
+		request_body = environ.get('wsgi.input').read(request_body_size)
+
+		signature = environ.get('HTTP_X_GITEA_SIGNATURE')
+
+		if not signature:
+			raise Exception('Error: Missing signature')
+
+		signature_actual = hmac.new(SECRET_KEY.encode(), request_body, hashlib.sha256).hexdigest()
+
+		if signature_actual != signature:
+			raise Exception('Error: Signature could not be validated')
+
+		try:
+			data = json.loads(request_body)
+		except json.decoder.JSONDecodeError as e:
+			raise Exception('Error: Could not parse the JSON body: %s' % e)
+
+		return data
+	else:
+		raise Exception('Error: Request is not POST: ' + environ.get('REQUEST_METHOD'))

backend.py

@@ -0,0 +1,14 @@
+"""
+A WSGI-based application to handle webhooks specifically written for Forgejo platforms.
+Copyright © 2023 Benjamin Stadlbauer
+
+Here you can perform your actions, depending on the information given in the
+data dictionary. The returned string will be the plain-text body of the response
+to the web-hook request.
+
+If an exception is raised from within the function, the response will be of status 500
+and the body will be the string of the exception.
+"""
+
+def handle_data(data: dict) -> str:
+	return "Done"

settings.py

@@ -0,0 +1,13 @@
+"""
+A WSGI-based application to handle webhooks specifically written for Forgejo platforms.
+Copyright © 2023 Benjamin Stadlbauer
+"""
+
+import os
+
+'''
+This variable stores the secret key (as a string) for calculating the signature
+to compare it with the one in the request. This secret key must be equal to the
+one set in the web-hook settings.
+'''
+SECRET_KEY = os.environ['WEBHOOK_KEY']