www/githook.php

<?php
/* gitea deploy webhook for thunix*/
/*
 * So, this webhook current accepts hooks for www, ansible, and soon
 * gopher.  It's pretty extensible, and is currently written for gitea,
 * but things like gitlab, github, etc should be feasible, if not
 * downright easy.
 * 
 * While this 'should' work fine with numberic keys, and has been
 * tested, php's loose casting makes it a crap shoot.  We should
 * probably not start tokens with a 0, or a number for that matter?
 * All project hooks need to use the same key.
 * 
 * Also, tildegit's IP address is hard-wired here, so we only accept
 * hooks from tildegit.  This will need that change, if it moves.

/* security */
$access_token     = "secret";
$www_lastrun      = '/dev/shm/www-hook-last-run';
$www_dropfile     = '/dev/shm/run-www';
$gopher_lastrun   = '/dev/shm/gopher-hook-last-run';
$gopher_dropfile  = '/dev/shm/run-gopher';
$wiki_lastrun     = '/dev/shm/wiki-hook-last-run';
$wiki_dropfile    = '/dev/shm/run-wiki';

$allowedip        = '198.50.210.248';
$remoteip         = $_SERVER['REMOTE_ADDR'];
$ratelimit        = 300;

/* get json data */
$json = file_get_contents('php://input');
$data = json_decode($json, true);


/* check our token */
$client_token = $data["secret"];
if ( strcmp($client_token, $access_token) !== 0 ) 
{
	http_response_code(403); 
	echo "HTTP 403 - Forbidden, P1.\n";
	exit(0);
}

/* check our source ip for the hook */
if ( strcmp($remoteip, $allowedip) !== 0 )
{
	http_response_code(403);
	echo "HTTP 403 - Forbidden, P2.\n";
	exit(0);
}

// Hook for www repo here.  Same rules apply, as above, for www.  We
// could probably make it able to run more frequently.  Backend job is
// just a git pull, and is quick.
elseif ($data["repository"]["full_name"] == 'thunix/www') {
	syslog(LOG_INFO, 'WWW Webhook recieved.');
	if ( time () - filemtime ( $www_lastrun ) > $ratelimit/30 ) {
		touch ( $www_dropfile );
		touch ( $www_lastrun );
		http_response_code(200);
		echo "HTTP 200 - WWW webhook recieved.\n";
		} 
	else {
		http_response_code(429);
		echo "HTTP 429 - Rate Limited.\n";
		exit(0);
		}
}

// Hook for gopher.  Not implemented on the backend yet.
elseif ($data["repository"]["full_name"] == 'thunix/thunix_gopher') {
	syslog(LOG_INFO, 'Gopher Webhook recieved.');
	if ( time () - filemtime ( $gopher_lastrun ) > $ratelimit ) {
		touch ( $gopher_dropfile );
		touch ( $gopher_lastrun );
		http_response_code(200);
		echo "HTTP 200 - Gopher webhook recieved.\n";
		} 
	else {
		http_response_code(429);
		echo "HTTP 429 - Rate Limited.\n";
		exit(0);
		}
}

//Wiki webhook
elseif ($data["repository"]["full_name"] == 'thunix/wiki') {
  syslog(LOG_INFO, 'Wiki Webhook recieved.');
  if ( time () - filemtime ( $wiki_lastrun ) > $ratelimit/30 ) {
    touch ( $wiki_dropfile );
    touch ( $wiki_lastrun );
    http_response_code(200);
    echo "HTTP 200 - Wiki webhook recieved.\n";
    }
  else {
    http_response_code(429);
    echo "HTTP 429 - Rate Limited.\n";
    exit(0);
    }
}

// Easter egg for anyone probing the hook.  Enjoy.  We're a tea pot
// and not a coffee maker :)
else {
	http_response_code(418);
	echo "HTTP 418 - I'm a teapot.\n";
	syslog(LOG_INFO, "Tea Pot Webhook recieved.\n");
	exit(0);
	}

?>
Adding githook 2019-03-17 01:31:59 +00:00			`<?php`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`/* gitea deploy webhook for thunix*/`
			`/*`
			`* So, this webhook current accepts hooks for www, ansible, and soon`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`* gopher. It's pretty extensible, and is currently written for gitea,`
			`* but things like gitlab, github, etc should be feasible, if not`
			`* downright easy.`
			`*`
			`* While this 'should' work fine with numberic keys, and has been`
			`* tested, php's loose casting makes it a crap shoot. We should`
			`* probably not start tokens with a 0, or a number for that matter?`
			`* All project hooks need to use the same key.`
			`*`
			`* Also, tildegit's IP address is hard-wired here, so we only accept`
			`* hooks from tildegit. This will need that change, if it moves.`
Adding githook 2019-03-17 01:31:59 +00:00
Fixed githook for reals 2019-03-21 14:49:58 +00:00			`/* security */`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`$access_token = "secret";`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`$www_lastrun = '/dev/shm/www-hook-last-run';`
			`$www_dropfile = '/dev/shm/run-www';`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`$gopher_lastrun = '/dev/shm/gopher-hook-last-run';`
			`$gopher_dropfile = '/dev/shm/run-gopher';`
Updating webhook for the wiki 2019-06-28 16:42:11 +00:00			`$wiki_lastrun = '/dev/shm/wiki-hook-last-run';`
			`$wiki_dropfile = '/dev/shm/run-wiki';`

Update 'githook.php' 2023-07-04 18:03:40 +00:00			`$allowedip = '198.50.210.248';`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`$remoteip = $_SERVER['REMOTE_ADDR'];`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`$ratelimit = 300;`
Adding githook 2019-03-17 01:31:59 +00:00
			`/* get json data */`
			`$json = file_get_contents('php://input');`
			`$data = json_decode($json, true);`

Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`/* check our token */`
Adding githook 2019-03-17 01:31:59 +00:00			`$client_token = $data["secret"];`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`if ( strcmp($client_token, $access_token) !== 0 )`
Adding githook 2019-03-17 01:31:59 +00:00			`{`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`http_response_code(403);`
			`echo "HTTP 403 - Forbidden, P1.\n";`
			`exit(0);`
Adding githook 2019-03-17 01:31:59 +00:00			`}`

Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`/* check our source ip for the hook */`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`if ( strcmp($remoteip, $allowedip) !== 0 )`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`{`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`http_response_code(403);`
			`echo "HTTP 403 - Forbidden, P2.\n";`
			`exit(0);`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`}`
Adding githook 2019-03-17 01:31:59 +00:00
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`// Hook for www repo here. Same rules apply, as above, for www. We`
			`// could probably make it able to run more frequently. Backend job is`
			`// just a git pull, and is quick.`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`elseif ($data["repository"]["full_name"] == 'thunix/www') {`
			`syslog(LOG_INFO, 'WWW Webhook recieved.');`
Updated githook, and tilde.json 2019-04-13 00:46:07 +00:00			`if ( time () - filemtime ( $www_lastrun ) > $ratelimit/30 ) {`
Cleanup 2019-03-22 21:40:15 +00:00			`touch ( $www_dropfile );`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`touch ( $www_lastrun );`
			`http_response_code(200);`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`echo "HTTP 200 - WWW webhook recieved.\n";`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`}`
Adding githook 2019-03-17 01:31:59 +00:00			`else {`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`http_response_code(429);`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`echo "HTTP 429 - Rate Limited.\n";`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`exit(0);`
			`}`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`}`

			`// Hook for gopher. Not implemented on the backend yet.`
Ok, tested and fixed, finally! 2019-03-22 21:33:06 +00:00			`elseif ($data["repository"]["full_name"] == 'thunix/thunix_gopher') {`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`syslog(LOG_INFO, 'Gopher Webhook recieved.');`
			`if ( time () - filemtime ( $gopher_lastrun ) > $ratelimit ) {`
Cleanup 2019-03-22 21:40:15 +00:00			`touch ( $gopher_dropfile );`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`touch ( $gopher_lastrun );`
			`http_response_code(200);`
			`echo "HTTP 200 - Gopher webhook recieved.\n";`
			`}`
			`else {`
			`http_response_code(429);`
			`echo "HTTP 429 - Rate Limited.\n";`
			`exit(0);`
			`}`
			`}`

Updating webhook for the wiki 2019-06-28 16:42:11 +00:00			`//Wiki webhook`
			`elseif ($data["repository"]["full_name"] == 'thunix/wiki') {`
			`syslog(LOG_INFO, 'Wiki Webhook recieved.');`
			`if ( time () - filemtime ( $wiki_lastrun ) > $ratelimit/30 ) {`
			`touch ( $wiki_dropfile );`
			`touch ( $wiki_lastrun );`
			`http_response_code(200);`
			`echo "HTTP 200 - Wiki webhook recieved.\n";`
			`}`
			`else {`
			`http_response_code(429);`
			`echo "HTTP 429 - Rate Limited.\n";`
			`exit(0);`
			`}`
			`}`

just some cleanup of the webhook code 2022-02-07 12:51:21 +00:00			`// Easter egg for anyone probing the hook. Enjoy. We're a tea pot`
			`// and not a coffee maker :)`
Updating the githook, and adding teapot easter egg. 2019-03-20 13:12:42 +00:00			`else {`
			`http_response_code(418);`
Ok, pretty sure I got it now 2019-03-22 16:52:54 +00:00			`echo "HTTP 418 - I'm a teapot.\n";`
Dammit, missed a closing paren 2019-03-22 21:43:57 +00:00			`syslog(LOG_INFO, "Tea Pot Webhook recieved.\n");`
Adding githook 2019-03-17 01:31:59 +00:00			`exit(0);`
			`}`
Updated githook, and tilde.json 2019-04-13 00:46:07 +00:00
Adding githook 2019-03-17 01:31:59 +00:00			`?>`