System Hooks API confused with Default Hooks API

[kousu]

Description

GET /admin/hooks lists hooks with is_system_webhook = true, but POST /admin/hooks creates them without. There does not currently seem to be a way to create a system webhook from the API -- only default webhooks; meanwhile there is no way to list default webhooks from the API.

I see that /admin/hooks was only added less than a month ago with #14537. It's an niche but extremely helpful feature for what I'm trying to do with Gitea, so I want to help get it working.

Gitea Version

1.19.0+dev-586-g10cdcb9ea

Can you reproduce the bug on the Gitea demo site?

No -- but only because I don't have admin rights there

Log Gist

https://gist.github.com/kousu/1f0be0c81dce500caef0b0af3e985196

Screenshots

Under http://localhost:3000/admin/hooks I start with an empty slate

I go to http://localhost:3000/api/swagger and log in:

http://localhost:3000/api/swagger#/admin/adminGetHook gives an empty list

I create a hook:

Back on the UI at http://localhost:3000/admin/hooks I can see it, but it's a Default Hook:

But using the API gets me an empty list still:

If I make a system webhook with the UI

it adds to the UI

and the API can see it:

If I add another Default Webhook

The API cannot see it

...unless I specifically ask for hook 20

19 also works, but there's nothing to distinguish that it is a system hook:

Git Version

2.34.1

Operating System

Ubuntu 22.04

How are you running Gitea?

user@dev:~/src/gitea$ TAGS="bindata sqlite sqlite_unlock_notify" make build
user@dev:~/src/gitea$ ./gitea

Database

SQLite

[kousu]

CreateHook calls

gitea/routers/api/v1/admin/hooks.go

Line 112 in 10cdcb9

utils.AddSystemHook(ctx, form)

"AddSystemHook", which sounds like it should add a system hook

gitea/routers/api/v1/utils/hook.go

Lines 71 to 82 in 10cdcb9

	// AddSystemHook add a system hook
	func AddSystemHook(ctx *context.APIContext, form *api.CreateHookOption) {
	hook, ok := addHook(ctx, form, 0, 0)
	if ok {
	h, err := webhook_service.ToHook(setting.AppSubURL+"/admin", hook)
	if err != nil {
	ctx.Error(http.StatusInternalServerError, "convert.ToHook", err)
	return
	}
	ctx.JSON(http.StatusCreated, h)
	}
	}

but the object it creates is here

gitea/routers/api/v1/utils/hook.go

Lines 137 to 171 in 10cdcb9

	w := &webhook.Webhook{
	OrgID: orgID,
	RepoID: repoID,
	URL: form.Config["url"],
	ContentType: webhook.ToHookContentType(form.Config["content_type"]),
	Secret: form.Config["secret"],
	HTTPMethod: "POST",
	HookEvent: &webhook_module.HookEvent{
	ChooseEvents: true,
	HookEvents: webhook_module.HookEvents{
	Create: util.SliceContainsString(form.Events, string(webhook_module.HookEventCreate), true),
	Delete: util.SliceContainsString(form.Events, string(webhook_module.HookEventDelete), true),
	Fork: util.SliceContainsString(form.Events, string(webhook_module.HookEventFork), true),
	Issues: issuesHook(form.Events, "issues_only"),
	IssueAssign: issuesHook(form.Events, string(webhook_module.HookEventIssueAssign)),
	IssueLabel: issuesHook(form.Events, string(webhook_module.HookEventIssueLabel)),
	IssueMilestone: issuesHook(form.Events, string(webhook_module.HookEventIssueMilestone)),
	IssueComment: issuesHook(form.Events, string(webhook_module.HookEventIssueComment)),
	Push: util.SliceContainsString(form.Events, string(webhook_module.HookEventPush), true),
	PullRequest: pullHook(form.Events, "pull_request_only"),
	PullRequestAssign: pullHook(form.Events, string(webhook_module.HookEventPullRequestAssign)),
	PullRequestLabel: pullHook(form.Events, string(webhook_module.HookEventPullRequestLabel)),
	PullRequestMilestone: pullHook(form.Events, string(webhook_module.HookEventPullRequestMilestone)),
	PullRequestComment: pullHook(form.Events, string(webhook_module.HookEventPullRequestComment)),
	PullRequestReview: pullHook(form.Events, "pull_request_review"),
	PullRequestSync: pullHook(form.Events, string(webhook_module.HookEventPullRequestSync)),
	Wiki: util.SliceContainsString(form.Events, string(webhook_module.HookEventWiki), true),
	Repository: util.SliceContainsString(form.Events, string(webhook_module.HookEventRepository), true),
	Release: util.SliceContainsString(form.Events, string(webhook_module.HookEventRelease), true),
	},
	BranchFilter: form.BranchFilter,
	},
	IsActive: form.Active,
	Type: form.Type,
	}

which leaves IsSystemWebhook nil.

The only place in the code that's set to true is in the code that handles the UI:

gitea/routers/web/repo/webhook.go

Lines 98 to 105 in 10cdcb9

	// Must be system webhooks instead
	return &orgRepoCtx{
	IsAdmin: true,
	IsSystemWebhook: true,
	Link: path.Join(setting.AppSubURL, "/admin/hooks"),
	LinkNew: path.Join(setting.AppSubURL, "/admin/system-hooks"),
	NewTemplate: tplAdminHookNew,
	}, nil

gitea/routers/web/repo/webhook.go

Lines 229 to 241 in 10cdcb9

	w := &webhook.Webhook{
	RepoID: orCtx.RepoID,
	URL: params.URL,
	HTTPMethod: params.HTTPMethod,
	ContentType: params.ContentType,
	Secret: params.Secret,
	HookEvent: ParseHookEvent(params.WebhookForm),
	IsActive: params.WebhookForm.Active,
	Type: params.Type,
	Meta: string(meta),
	OrgID: orCtx.OrgID,
	IsSystemWebhook: orCtx.IsSystemWebhook,
	}

[kousu]

Also there's no way to set a hook secret with the API, which makes it unusable (unless your hooks all disable signature verification).

[kousu]

Also there's no way to set events = {"push_only":true} with the API; with the UI, the default is

but with the API you always get

[deliciouslytyped]

I ran into this. Thanks for working on it.
FWIW the push_only / custom thing is also reported at #20178

Any idea how far this is from being complete?

[philipparndt]

I think this can be closed as of #33180

GET /admin/hooks does now have a parameter type

- type: string
  enum:
    - system
    - default
    - all
  description: system, default or both kinds of webhooks
  name: type
  default: system
  in: query