UNPKG

affiance

Version:

A configurable and extendable Git hook manager for node projects

github.com/l8on/affiance

l8on/affiance

112 lines (92 loc) 3.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
'use strict'; const _ = require('lodash'); const AffianceError = require('./error'); const fse = require('fs-extra'); const fileUtils = require('./fileUtils'); const utils = require('./utils'); const gitRepo = require('./gitRepo'); const crypto = require('crypto'); const path = require('path'); const IGNORED_CONFIG_KEYS = ['skip']; module.exports = class HookSigner { constructor(hookName, config, context) { this.hookName = hookName; this.config = config; this.context = context; } hookPath() { if (!this._hookPath) { let pluginPath = path.join( this.config.pluginDirectory(), this.context.hookScriptName, utils.camelCase(this.hookName) ); // try { require(pluginPath); return pluginPath; } catch(e) { if(e.code !== 'MODULE_NOT_FOUND') { throw(e); } let hookConfig = this.config.forHook(this.hookName, this.context.hookConfigName); let commandList = (hookConfig['command'] || hookConfig['requiredExecutable']).split(/\s+/); if (hookConfig['verifySignatures'] && !this.isSignableFile(commandList[0])) { throw AffianceError.error( AffianceError.InvalidHookDefinition, 'Hook must specify a `required_executable` or `command` that ' + 'is tracked by git (i.e. is a path relative to the root ' + 'of the repository) so that it can be signed' ); } this._hookPath = path.resolve(gitRepo.repoRoot(), commandList[0]); } } return this._hookPath; } updateSignature() { let commandResponse = utils.spawnSync( 'git', ['config', '--local', this.signatureConfigKey(), this.signature()] ); if (commandResponse.status !== 0) { throw AffianceError.error( AffianceError.GitConfigError, 'Unable to write to local repo git config: ' + commandResponse.stderr.toString() ); } return true; } isSignableFile(filePath) { return (filePath.indexOf('.' + path.sep) === 0 && gitRepo.isTracked(filePath)); } hasSignatureChanged() { return (this.signature() !== this.storedSignature()); } signature() { let hookConfig = _.merge({}, this.config.forHook(this.hookName, this.context.hookConfigName)); IGNORED_CONFIG_KEYS.forEach(function(configKey) { delete hookConfig[configKey]; }); let hash = crypto.createHash('sha256'); hash.update(this.hookContents() + JSON.stringify(hookConfig)); return hash.digest('hex'); } hookContents() { if (!fileUtils.isFile(this.hookPath())) { return ''; } return fse.readFileSync(this.hookPath(), 'utf8'); } storedSignature() { let commandResponse = utils.spawnSync('git', ['config', '--local', '--get', this.signatureConfigKey()]); if (commandResponse.status === 1) { return ''; } else if (commandResponse.status !== 0) { throw AffianceError.error( AffianceError.GitConfigError, 'Unable to read from local repo git config: ' + commandResponse.stderr.toString() ); } return commandResponse.stdout.toString().trim(); } signatureConfigKey() { return ['affiance', this.context.hookConfigName, this.hookName, 'signature'].join('.'); } };