refactor(github): start of github pr feature

src/server/configServer.test.ts

@@ -5,16 +5,17 @@ import { archetypeRuleRoute } from './routes/archetypeRuleRoute';
 import { telemetryRoute } from './routes/telemetryRoute';
 import { clearCacheRoute } from './routes/clearCacheRoute';
 import { viewCacheRoute } from './routes/viewCacheRoute';
-import { githubWebhookRoute } from './routes/githubWebhookRoute';
+import { githubWebhookConfigUpdateRoute } from './routes/githubWebhookConfigUpdateRoute';
 import { checkSharedSecret } from './middleware/checkSharedSecret';
+import { validateGithubWebhook } from './middleware/validateGithubWebhook';
 
 jest.mock('./routes/archetypeRoute');
 jest.mock('./routes/archetypeRulesRoute');
 jest.mock('./routes/archetypeRuleRoute');
 jest.mock('./routes/telemetryRoute');
 jest.mock('./routes/clearCacheRoute');
 jest.mock('./routes/viewCacheRoute');
-jest.mock('./routes/githubWebhookRoute');
+jest.mock('./routes/githubWebhookConfigUpdateRoute');
 jest.mock('./middleware/checkSharedSecret');
 
 describe('configServer', () => {
@@ -35,7 +36,7 @@ describe('configServer', () => {
     app.post('/telemetry', checkSharedSecret, telemetryRoute);
     app.post('/clearcache', checkSharedSecret, clearCacheRoute);
     app.get('/viewcache', checkSharedSecret, viewCacheRoute);
-    app.post('/github-webhook', githubWebhookRoute);
+    app.post('/github-config-update', validateGithubWebhook, githubWebhookConfigUpdateRoute);
 
     // Verify routes are set up correctly
     expect(app.get).toHaveBeenCalledWith('/archetypes/:archetype', archetypeRoute);
@@ -44,7 +45,7 @@ describe('configServer', () => {
     expect(app.post).toHaveBeenCalledWith('/telemetry', checkSharedSecret, telemetryRoute);
     expect(app.post).toHaveBeenCalledWith('/clearcache', checkSharedSecret, clearCacheRoute);
     expect(app.get).toHaveBeenCalledWith('/viewcache', checkSharedSecret, viewCacheRoute);
-    expect(app.post).toHaveBeenCalledWith('/github-webhook', githubWebhookRoute);
+    expect(app.post).toHaveBeenCalledWith('/github-config-update', validateGithubWebhook, githubWebhookConfigUpdateRoute);
   });
 
   afterEach(() => {

src/server/configServer.ts

@@ -13,7 +13,8 @@ import { archetypeRuleRoute } from './routes/archetypeRuleRoute';
 import { telemetryRoute } from './routes/telemetryRoute';
 import { clearCacheRoute } from './routes/clearCacheRoute';
 import { viewCacheRoute } from './routes/viewCacheRoute';
-import { githubWebhookRoute } from './routes/githubWebhookRoute';
+import { githubWebhookConfigUpdateRoute } from './routes/githubWebhookConfigUpdateRoute';
+import { githubWebhookPullRequestCheckRoute } from './routes/githubWebhookPullRequestCheckRoute';
 import { exemptionsRoute } from './routes/exemptionsRoute';
 import { validateUrlInput } from './middleware/validateUrlInput';
 import { validateTelemetryData } from './middleware/validateTelemetryData';
@@ -62,7 +63,8 @@ app.post('/clearcache', checkSharedSecret, clearCacheRoute);
 app.get('/viewcache', checkSharedSecret, viewCacheRoute);
 app.get('/archetypes/:archetype/exemptions', checkSharedSecret, exemptionsRoute);
 
-app.post('/github-webhook', validateGithubWebhook, githubWebhookRoute);
+app.post('/github-config-update', validateGithubWebhook, githubWebhookConfigUpdateRoute);
+app.post('/github-pull-request-check', validateGithubWebhook, githubWebhookPullRequestCheckRoute);
 
 export function startServer({ customPort, executionLogPrefix }: StartServerParams): any {
     const serverPort = customPort ? parseInt(customPort) : port;

src/server/routes/githubWebhookRoute.ts → src/server/routes/githubWebhookConfigUpdateRoute.ts

@@ -9,7 +9,7 @@ import { clearCache } from '../cacheManager';
 import { ConfigManager } from '../../utils/configManager';
 import { options } from '../../core/cli';
 
-export async function githubWebhookRoute(req: Request, res: Response) {
+export async function githubWebhookConfigUpdateRoute(req: Request, res: Response) {
     const requestLogPrefix = req.headers['x-log-prefix'] as string || '';
     setLogPrefix(requestLogPrefix);
 

src/server/routes/githubWebhookPullRequestCheckRoute.ts

@@ -0,0 +1,40 @@
+import { Request, Response } from 'express';
+import { logger, setLogPrefix } from '../../utils/logger';
+import crypto from 'crypto';
+
+export async function githubWebhookPullRequestCheckRoute(req: Request, res: Response) {
+    const requestLogPrefix = req.headers['x-log-prefix'] as string || '';
+    setLogPrefix(requestLogPrefix);
+
+    const signature = req.headers['x-hub-signature-256'] as string;
+    const githubSecret = process.env.GITHUB_WEBHOOK_SECRET;
+
+    if (!githubSecret) {
+        logger.error('GitHub webhook secret is not set');
+        return res.status(500).send('Server is not configured for webhooks');
+    }
+
+    if (!signature) {
+        logger.error('No X-Hub-Signature-256 found on request');
+        return res.status(400).send('No X-Hub-Signature-256 found on request');
+    }
+
+    const hmac = crypto.createHmac('sha256', githubSecret);
+    const digest = 'sha256=' + hmac.update(JSON.stringify(req.body)).digest('hex');
+
+    if (signature !== digest) {
+        logger.error('Request body digest did not match X-Hub-Signature-256');
+        return res.status(400).send('Invalid signature');
+    }
+
+    const event = req.headers['x-github-event'] as string;
+    if (event === 'push') {
+        // TODO: Implement pull request check
+
+        return res.status(200).send('Webhook received and processed');
+    }
+
+    res.status(200).send('Received');
+}
+
+