unix database
The unix forgehook database is the reference implementation. Here, you will find information about its architecture.
A naive approach to subscription storage would have users manage their own database in $HOME. However, that would require iterating over all home directories on every webhook to figure out which are legitimate, which is a vector for DoS attacks, so we need another way.
Instead, we let the configured forgehook user manage a central database. This is done in its home directory, in a database folder (TODO: update code). For each known repository URL $r (where $rhex is the hex-encoded representation of it), there is in this folder:

- $rhex.owner is the local user owning the repository, and is therefore responsible for keeping the secret in sync with the remote.
- $rhex.secret contains the secret shared with the repo
- $rhex.$u for each local user $u subscribed to the repo

TODO: update code which currently does the exact opposite, see southerntofu/webhook#4
Additionally, for each user $u owning one or more repositories, there is a .owned-by/$u folder containing files named after the $rhex for each remote repository $r the user owns.
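
The layout documented above, sketched as an added Python example (not forgehook's own code, which per the TODO currently differs). The function names, the username pattern, and the rule rejecting users literally named owner or secret (which would collide with $rhex.owner and $rhex.secret) are assumptions of this example.

```python
import os
import re
import tempfile
from pathlib import Path

RESERVED = {"owner", "secret"}                 # suffixes the layout already uses
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")   # assumption: conservative unix user names

def rhex(url):
    """Hex-encode the repository URL: no '/', '.' or '..' can reach the file name."""
    if not url:
        raise ValueError("empty repository URL")
    return url.encode("utf-8").hex()

def check_user(user):
    """Reject names that could escape the folder or shadow .owner/.secret."""
    if not USER_RE.fullmatch(user) or user in RESERVED:
        raise ValueError(f"unusable user name: {user!r}")
    return user

def write_private(path, data):
    # Create with 0600 so only the forgehook user can read the shared secret.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def register(db, url, owner, secret):
    h = rhex(url)
    write_private(db / f"{h}.owner", check_user(owner))
    write_private(db / f"{h}.secret", secret)
    owned = db / ".owned-by" / owner
    owned.mkdir(parents=True, exist_ok=True)
    (owned / h).touch()

def subscribe(db, url, user):
    (db / f"{rhex(url)}.{check_user(user)}").touch()

def subscribers(db, url):
    # One lookup in the central folder; no home directory is ever scanned.
    h = rhex(url)
    names = (p.name[len(h) + 1:] for p in db.glob(h + ".*"))
    return sorted(n for n in names if n not in RESERVED)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # stands in for the database folder
        db, url = Path(d), "https://forge.example/alice/project.git"  # constructed
        register(db, url, "alice", "constructed-secret")
        subscribe(db, url, "bob")
        print(subscribers(db, url))
```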