diff --git a/.github/workflows/docker-image-dev.yml b/.github/workflows/docker-image-dev.yml
index c1740eb..03e2292 100644
--- a/.github/workflows/docker-image-dev.yml
+++ b/.github/workflows/docker-image-dev.yml
@@ -4,48 +4,18 @@ on:
 push:
 branches:
 - dev
-
-env:
- USERNAME: ${{ github.repository_owner }}
- IMAGE_NAME: ${{ github.repository }}
- REGISTRY: ghcr.io
+ paths-ignore:
+ - ".**"
 jobs:
 update:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout Repository
- uses: actions/checkout@v4
-
- - name: Login to Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ env.USERNAME }}
- password: ${{ secrets.GH_PCKG_TOKEN }}
-
- - name: Setup QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Setup Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Extract Labels and Tags
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- flavor: |
- latest=false
- tags: |
- type=raw,value=latest-dev
-
- - name: Build and Push Image
- uses: docker/build-push-action@v6
- with:
- context: .
- platforms: linux/amd64, linux/arm64
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- push: true
+ uses: codeshelldev/gh-actions/.github/workflows/docker-image.yml@main
+ with:
+ registry: ghcr.io
+ flavor: |
+ latest=false
+ tags: |
+ type=sha
+ type=raw,value=latest-dev
+ secrets:
+ GH_PCKG_TOKEN: ${{ secrets.GH_PCKG_TOKEN }}
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 4c61d4a..d0c694f 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
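Review bot: The added `uses: codeshelldev/gh-actions/.github/workflows/docker-image.yml@main` line calls the reusable workflow through a mutable branch ref and hands it `GH_PCKG_TOKEN`, so whatever is on `main` of that repository at run time builds and pushes the image with the registry credential. Pin the call to a full commit SHA, `uses: codeshelldev/gh-actions/.github/workflows/docker-image.yml@<full-commit-sha>`, and bump it deliberately. The same `@main` reference appears in the docker-image.yml and readme-update.yml hunks of this commit. The called workflow is not part of this diff, so which actions it runs and how they are pinned cannot be checked from here.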
@@ -4,50 +4,10 @@ on:
 release:
 types: [published]
-env:
- USERNAME: ${{ github.repository_owner }}
- IMAGE_NAME: ${{ github.repository }}
- REGISTRY: ghcr.io
-
 jobs:
 update:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout Repository
- uses: actions/checkout@v4
-
- - name: Login to Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ env.USERNAME }}
- password: ${{ secrets.GH_PCKG_TOKEN }}
-
- - name: Setup QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Setup Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Extract Labels and Tags
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- flavor: |
- latest=false
- tags: |
- type=semver,pattern=v{{major}}
- type=semver,pattern=v{{version}}
- type=semver,pattern=v{{major}}.{{minor}}
- type=semver,pattern=latest
-
- - name: Build and Push Image
- uses: docker/build-push-action@v6
- with:
- context: .
- platforms: linux/amd64, linux/arm64
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- push: true
+ uses: codeshelldev/gh-actions/.github/workflows/docker-image.yml@main
+ with:
+ registry: ghcr.io
+ secrets:
+ GH_PCKG_TOKEN: ${{ secrets.GH_PCKG_TOKEN }}
diff --git a/.github/workflows/readme-update.yml b/.github/workflows/readme-update.yml
index cb7edb3..2f6b272 100644
--- a/.github/workflows/readme-update.yml
+++ b/.github/workflows/readme-update.yml
@@ -3,33 +3,11 @@ name: Update README
 on:
 push:
 paths:
- - "docker-compose.yaml"
- - ".github/templates/README.template.md"
- - "examples/*"
+ - docker-compose.yaml
+ - .github/templates/README.template.md
 jobs:
- update-readme:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Replace File Placeholders in README
- run: |
- bash .github/helper-scripts/replace_placeholders.sh .github/templates/README.template.md README.md
-
- - name: Commit & Push README.md
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- git config user.name "github-actions[bot]"
- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-
- git add README.md
- if git diff --cached --quiet; then
- echo "No changes to commit."
- else
- git commit -m "Update README.md"
- git push
- fi
+ update:
+ uses: codeshelldev/gh-actions/.github/workflows/readme-update.yml@main
+ secrets:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/app.py b/app.py
index 0589274..02494d2 100644
--- a/app.py
+++ b/app.py
@@ -1,11 +1,11 @@
-from flask import Flask, Response, request, jsonify, make_response
+from flask import Flask, Response, request, jsonify, make_response, g
 import os
 import json
 import requests
 import re
 import base64
-import logging
-from urllib.parse import unquote
+import logging
+from urllib.parse import unquote, urlencode, parse_qs
 app = Flask("Secured Signal Api")
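Review bot: The new `update` job in readme-update.yml forwards `secrets.GITHUB_TOKEN` as `GH_TOKEN` without a `permissions:` key, so the token keeps the repository's default scopes inside the called workflow. If that workflow only commits README.md, as the removed steps did, cap it in the caller by adding `permissions: { contents: write }` under `update:`. The `examples/*` entry is also dropped from `paths:`, so edits under that directory no longer trigger a README refresh; worth confirming that this is intended.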
@@ -72,33 +72,46 @@ def middlewares():
 infoLog(f"Client tried to access Blocked Endpoint [{blockedPath}]")
 return Response("Forbidden", 401)
+ query_string = request.query_string.decode()
+
 if secure:
 auth_header = request.headers.get("Authorization", "")
 if auth_header.startswith("Bearer "):
- token = auth_header.split(" ", 1)[1]
-
- token = unquote(token)
+ token = auth_header.split(" ", 1)[1]
+
 if token != API_TOKEN:
 infoLog(f"Client failed Bearer Auth [token: {token}]")
- return UnauthorizedResponse()
+ return UnauthorizedResponse()
 elif auth_header.startswith("Basic "):
 try:
 decoded = base64.b64decode(auth_header.split(" ", 1)[1]).decode()
- username, password = decoded.split(":", 1)
-
- username = unquote(username)
- password = unquote(password)
+ username, password = decoded.split(":", 1)
+
 if username != "api" or password != API_TOKEN:
 infoLog(f"Client failed Basic Auth [user: {username}, pw:{password}]")
 return UnauthorizedResponse()
 except Exception as error:
 errorLog(f"Unexpected Error during Basic Auth: {error}")
 return UnauthorizedResponse()
+ elif request.args.get("authorization", None):
+ token = request.args.get("authorization", "")
+
+ token = unquote(token)
+
+ if token != API_TOKEN:
+ infoLog(f"Client failed Query Auth [query: {token}]")
+ return UnauthorizedResponse()
+
+ args = parse_qs(query_string)
+
+ args.pop('authorization', None)
+ query_string = urlencode(args, doseq=True)
 else:
 infoLog(f"Client did not provide any Auth Method")
 return UnauthorizedResponse(True)
-
+
+ g.query_string = query_string
 @app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT'])
 @app.route('/', methods=['GET', 'POST', 'PUT'])
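Review bot: The added query-auth branch logs the rejected credential (`infoLog(f"Client failed Query Auth [query: {token}]")`), as the Bearer and Basic branches around it already do, so a mistyped or near-miss real token ends up in the logs; log only the method, e.g. `infoLog("Client failed Query Auth")`. The check `token != API_TOKEN` is not constant-time; `hmac.compare_digest(token.encode(), API_TOKEN.encode())` with `import hmac` would cover all three branches. `request.args.get` already returns the percent-decoded value, so the following `unquote(token)` decodes a second time and changes any token that contains a literal `%`. A token carried in the URL is also likely to be recorded by access logs and intermediaries before this code strips it, which deserves a line in the project documentation. `middlewares` begins above the hunk, and the indentation of `g.query_string = query_string` is lost in this rendering, so whether it is assigned when `secure` is false cannot be confirmed here.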
@@ -114,15 +127,13 @@ def proxy(path):
 if "${NUMBER}" in path:
 path = path.replace("${NUMBER}", SENDER)
- query_string = request.query_string.decode()
+ query_string = g.query_string
 
- if request.query_string.decode():
- query_string= "?" + request.query_string.decode()
+ if query_string:
+ query_string = "?" + query_string
 targetURL = f"{SIGNAL_API_URL}/{path}{query_string}"
- infoLog(json.dumps(jsonData))
-
 resp = requests.request(
 method=method,
 url=targetURL,
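Review bot: The new line `query_string = g.query_string` carries no comment saying why the raw `request.query_string` must not be used here, although that is the security-relevant part of the change. Add something like `# set by middlewares(); the authorization parameter is already stripped, do not forward request.query_string` so a later edit does not start sending the API token on to `SIGNAL_API_URL`. The line also relies on `middlewares` having assigned the attribute on every path that reaches `proxy`, which is not visible in this hunk. The body of `proxy` starts before and continues past the hunk.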