This repository has been archived on 2022-02-23. You can view files and clone it, but cannot push or open issues or pull requests.
archive_hook.sh/docs/unix.md


unix database

The unix forgehook database is the reference implementation. Here, you will find information about its architecture.

A naive approach to subscription storage would have users manage their own database in $HOME. However, that would require iterating over all home directories on every webhook to figure out which are legitimate, which is a vector for DoS attacks, so we need another way.

Instead, we let the configured forgehook user manage a central database. This is done in its home directory, in a database folder (TODO: update code). For each known repository URL $r (where $rhex is its hex-encoded representation), the following entries exist in this folder:

  • $rhex.owner is the local user owning the repository, and is therefore responsible for keeping the secret in sync with the remote
  • .$rhex.secret contains the secret shared with the repo
  • $rhex.$u for each local user $u subscribed to the repo

TODO: update code which currently does the exact opposite, see southerntofu/webhook#4

Additionally, for each user $u owning one or more repositories, there is a .owned-by/$u folder containing one file named $rhex for each remote repository $r the user owns.
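
The layout described above, built in a temporary directory as an added example (not the project's code, which per the TODO currently differs). Because $rhex contains only `[0-9a-f]`, a repository URL can never put `/` or `..` into a file name, and finding the subscribers for a webhook is one glob in one directory. The function names, the lowercase separator-free hex encoding and the file contents are assumptions.

```shell
#!/bin/sh
# Added example of the documented layout. All function names are hypothetical.
# Assumption: $rhex is the lowercase hex of the URL bytes, without separators.
rhex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# db_set_owner DB URL USER SECRET
# Assumption: $rhex.owner holds the owner's user name, .$rhex.secret the secret.
db_set_owner() {
    h=$(rhex "$2")
    printf '%s\n' "$3" > "$1/$h.owner"
    ( umask 077; printf '%s\n' "$4" > "$1/.$h.secret" )  # secret not world-readable
    mkdir -p "$1/.owned-by/$3"
    : > "$1/.owned-by/$3/$h"
}

# db_subscribe DB URL USER (assumption: an empty file marks the subscription)
db_subscribe() {
    : > "$1/$(rhex "$2").$3"
}

# db_subscribers DB URL: print one subscribed user per line.
db_subscribers() {
    h=$(rhex "$2")
    for f in "$1/$h".*; do
        [ -e "$f" ] || continue        # glob matched nothing
        u=${f#"$1/$h."}
        [ "$u" = owner ] && continue   # owner record, not a subscription
        printf '%s\n' "$u"
    done
}

# Demo on constructed data.
demo_db=$(mktemp -d)
demo_url='https://forge.example/alice/project.git'   # constructed URL
db_set_owner "$demo_db" "$demo_url" alice 'constructed-secret'
db_subscribe "$demo_db" "$demo_url" bob
db_subscribers "$demo_db" "$demo_url"
rm -rf "$demo_db"
```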