Error messages in STDOUT not STDERR
This commit is contained in:
parent
14251c71ea
commit
15000261af
38
index.php
38
index.php
|
@ -2,7 +2,8 @@
|
|||
|
||||
function error($message, $code = 500) {
|
||||
http_response_code($code);
|
||||
error_log($message);
|
||||
// Echo to STDOUT, not STDERR as some servers will hide STDERR for security reasons
|
||||
echo($message);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
@ -19,9 +20,7 @@ function extract_payload() {
|
|||
error('FAILED - not application/json - '. $content_type);
|
||||
}
|
||||
// get payload
|
||||
$payload = trim(file_get_contents("php://input"));
|
||||
// TODO: trim or not?
|
||||
//$payload = file_get_contents("php://input");
|
||||
$payload = file_get_contents("php://input");
|
||||
if (empty($payload)) {
|
||||
error('FAILED - no payload');
|
||||
}
|
||||
|
@ -47,10 +46,9 @@ function extract_header($header) {
|
|||
$value = isset($_SERVER[$header]) ? $_SERVER[$header]
|
||||
: (isset($_SERVER['HTTP_'.$header]) ? $_SERVER['HTTP_'.$header]
|
||||
: '');
|
||||
//error_log("extracted header: ".$value);
|
||||
|
||||
if (empty($value)) {
|
||||
error('FAILED - header signature missing');
|
||||
error('FAILED - header signature '.$header.' missing');
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
@ -61,15 +59,12 @@ function verify_signature($payload, $secret, $claimed_signature) {
|
|||
|
||||
// check payload signature against header signature
|
||||
if ($claimed_signature != $payload_signature) {
|
||||
error_log("payload:".$payload."EOF");
|
||||
error_log("sig: ".$payload_signature);
|
||||
error('FAILED - payload signature mismatch', 403);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function verify_token($secret, $claimed_secret) {
|
||||
error_log($secret." vs ".$claimed_secret);
|
||||
if ($secret !== $claimed_secret) {
|
||||
error('FAILED - secret token mismatch', 403);
|
||||
}
|
||||
|
@ -78,22 +73,23 @@ function verify_token($secret, $claimed_secret) {
|
|||
// find_secret($repo_url)
|
||||
// Find the secret corresponding to the repo_url, if any. Returns empty string otherwise
|
||||
function find_secret($repo_url) {
|
||||
$forgehook = getenv('FORGEHOOK') ? : 'forgehook';
|
||||
//$forgehook = getenv('FORGEHOOK') ? : 'forgehook';
|
||||
// TODO: use in order ENV['FORGEHOOK'], ./forgehook, or PATH['forgehook']
|
||||
$forgehook = './forgehook';
|
||||
|
||||
// Please no Remote Code Execution
|
||||
$repo = escapeshellarg($repo_url);
|
||||
$secret = shell_exec($forgehook." secret ".$repo);
|
||||
|
||||
// Error returns NULL
|
||||
if ($secret == NULL) {
|
||||
error("Secret not found for ".$repo);
|
||||
$lines = [];
|
||||
$status = NULL;
|
||||
$secret = exec($forgehook." secret ".$repo, $lines, $status);
|
||||
|
||||
if (($secret == NULL) or ($status != 0)) {
|
||||
error("Secret not found for \"".$repo."\"");
|
||||
}
|
||||
|
||||
$secret = trim($secret);
|
||||
|
||||
if (empty($secret)) {
|
||||
error("Secret empty for ".$repo);
|
||||
}
|
||||
//error_log('secret: '.$secret);
|
||||
return $secret;
|
||||
}
|
||||
|
||||
|
@ -121,7 +117,7 @@ function notify($repo) {
|
|||
$output=shell_exec($notify." ".$repo);
|
||||
|
||||
if ($output != NULL) {
|
||||
error_log("Notify failed (".$notify.") with:\n".$output);
|
||||
error("Notify failed (".$notify.") with:\n".$output);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -150,8 +146,6 @@ function action() {
|
|||
notify($repo_url);
|
||||
break;
|
||||
case 'gitlab':
|
||||
//error_log(print_r(getallheaders(), true));
|
||||
//error_log(print_r($_SERVER, true));
|
||||
$claimed_secret = extract_header("HTTP_X_GITLAB_TOKEN");
|
||||
$payload = extract_payload();
|
||||
$payload_array = json_to_array($payload);
|
||||
|
@ -166,6 +160,6 @@ function action() {
|
|||
}
|
||||
|
||||
action();
|
||||
error_log("OK");
|
||||
echo("OK");
|
||||
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue