From 341f879c711515eeec47bedf472843dc3578d163 Mon Sep 17 00:00:00 2001
From: Ubergeek <ubergeek@yourtilde.com>
Date: Wed, 20 Mar 2019 13:12:42 +0000
Subject: [PATCH] Updating the githook, and adding teapot easter egg.

---
 githook.php | 58 +++++++++++++++++++++++++++++++++++++++++------------
 teapot.php  |  6 ++++++
 2 files changed, 51 insertions(+), 13 deletions(-)
 create mode 100644 teapot.php

diff --git a/githook.php b/githook.php
index 9f85d48..bd7f8bb 100644
--- a/githook.php
+++ b/githook.php
@@ -2,10 +2,15 @@
 
 /* gitea deploy webhook */
 
-/* security */
-$access_token = '1234567890';
-$lastrun = '/dev/shm/ansible-hook-last-run';
-$dropfile = '/dev/shm/run-ansible';
+/* security and environment*/
+$access_token     = '1234567890';
+$ansible_lastrun  = '/dev/shm/ansible-hook-last-run';
+$ansible_dropfile = '/dev/shm/run-ansible';
+$www_lastrun      = '/dev/shm/www-hook-last-run';
+$www_dropfile     = '/dev/shm/run-www';
+$remoteip         = $_SERVER['REMOTE_ADDR'];
+$allowedip        = '195.201.242.48';
+$ratelimit        = 300;
 
 /* get json data */
 $json = file_get_contents('php://input');
@@ -15,23 +20,50 @@ $client_token = $data["secret"];
 if ($client_token !== $access_token)
 {
     http_response_code(403); 
+    echo "HTTP 403 - Forbidden.";
     exit(0);
 }
 
-syslog(LOG_INFO, 'Ansible Webhook recieved.');
+if ($remoteip !== $allowedip)
+{
+    http_repsonse_code(403);
+    echo "HTTP 403 - Forbidden.";
+    exit(0);
+}
 
 //* if you need get full json input */
 //fwrite($fs, 'DATA: '.print_r($data, true).PHP_EOL);
 
-
-if ( time () - filemtime ( $lastrun ) > 300 ) {
-	touch ( $dropfile );
-	touch ( $lastrun );
-	echo "HTTP 200 - Ansible webhook recieved.";
-	}
+if ($data["repository"]["full_name"] == 'thunix/ansible') {
+	syslog(LOG_INFO, 'Ansible Webhook recieved.');
+	if ( time () - filemtime ( $ansible_lastrun ) > $ratelimit ) {
+		touch ( $ansible_dropfile );
+		touch ( $ansible_lastrun );
+		echo "HTTP 200 - Ansible webhook recieved.";
+		}
 	else {
-	http_response_code(429);
-  echo "HTTP 429 - Rate Limited.";
+		http_response_code(429);
+		echo "HTTP 429 - Rate Limited.";
+		exit(0);
+		}
+}
+elseif ($data["repository"]["full_name"] == 'thunix/www') {
+	syslog(LOG_INFO, 'WWW Webhook recieved.');
+	if ( time () - filemtime ( $www_lastrun ) > $ratelimit ) {
+		touch ( $www_dropfile );
+		touch ( $www_lastrun );
+		http_response_code(200);
+		echo "HTTP 200 - WWW webhook recieved.";
+		} 
+	else {
+		http_response_code(429);
+		echo "HTTP 429 - Rate Limited.";
+		exit(0);
+		}
+	} 
+else {
+	http_response_code(418);
+	echo "HTTP 418 - I'm a teapot.";
 	exit(0);
 	}
 ?>
diff --git a/teapot.php b/teapot.php
new file mode 100644
index 0000000..85dc757
--- /dev/null
+++ b/teapot.php
@@ -0,0 +1,6 @@
+<?php
+
+http_response_code(418);
+echo "HTTP 418 - I'm a teapot.";
+
+?>