From 94c04b57806722d538eb0d812e660ab28e668757 Mon Sep 17 00:00:00 2001 From: Martin Hloska Date: Thu, 11 Mar 2021 09:39:38 +0100 Subject: [PATCH 1/2] feat: only ALLOWED_USERS can execute benchmark --- README.md | 12 ++++++++++++ index.js | 24 +++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9dbbede..6672624 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,18 @@ WEBHOOK_PROXY_URL= Add `BASE_BRANCH=master` or whatever is appropriate. +#### Allowed users + +It is possible to restrict who can execute a benchmark. + +Add `ALLOWED_USERS` with comma separated list of user's github ids. Eg: + +`ALLOWED_USERS=123,455,234` + +Github user id can be retrieved using Github API: https://api.github.com/users/your_github_user_name + +If `ALLOWD_USERS` is not specified - any user can execute the benchmark. + ## Permissions Needed * Metadata: Read Only diff --git a/index.js b/index.js index 13a1e5b..7f48288 100644 --- a/index.js +++ b/index.js @@ -1,5 +1,15 @@ -var { benchBranch, benchmarkRuntime } = require("./bench"); +const { benchBranch, benchmarkRuntime } = require("./bench"); + +let allowedUsers = process.env.ALLOWED_USERS; +if (allowedUsers) { + allowedUsers = allowedUsers.split(",").map(Number).filter(item => item); +} + +// Allow only selected users or if not specified - allow any. +function isAllowed(senderId) { + return allowedUsers === undefined || allowedUsers.includes(senderId); +} module.exports = app => { app.log(`base branch: ${process.env.BASE_BRANCH}`); @@ -10,6 +20,18 @@ module.exports = app => { return; } + if (! isAllowed(context.payload.sender.id)){ + app.log(`User not allowed ${context.payload.sender.id}`) + const repo = context.payload.repository.name; + const owner = context.payload.repository.owner.login; + const comment_id = context.payload.comment.id; + context.github.issues.updateComment({ + owner, repo, comment_id, + body: `Denied. User is not allowed to execute benchmark.` + }); + return; + } + // Capture `` in `/bench ` let action = commentText.split(" ").splice(1, 1).join(" ").trim(); // Capture all `` text in `/bench ` From 82266df77272dfa3b633e5c4b586255b40066e1e Mon Sep 17 00:00:00 2001 From: Martin Hloska Date: Mon, 19 Apr 2021 10:51:19 +0200 Subject: [PATCH 2/2] fix typo in README.md Co-authored-by: Shawn Tabrizi --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6672624..222c8af 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Add `ALLOWED_USERS` with comma separated list of user's github ids. Eg: Github user id can be retrieved using Github API: https://api.github.com/users/your_github_user_name -If `ALLOWD_USERS` is not specified - any user can execute the benchmark. +If `ALLOWED_USERS` is not specified - any user can execute the benchmark. ## Permissions Needed