forked from thunix/www
Ok, tested and fixed, finally!
parent
a3039a1234
commit
5714c3c5db
113
githook.php
113
githook.php
|
@ -1,5 +1,92 @@
|
||||||
<?php
|
<?php
|
||||||
/* So, this webhook current accepts hooks for www, ansible, and soon
|
/*
|
||||||
|
$json = '{
|
||||||
|
"secret": "01234567890",
|
||||||
|
"ref": "refs/heads/master",
|
||||||
|
"before": "197b25b76f19c73b2d58873c1b2fdab7d5a27a85",
|
||||||
|
"after": "197b25b76f19c73b2d58873c1b2fdab7d5a27a85",
|
||||||
|
"compare_url": "",
|
||||||
|
"commits": [
|
||||||
|
{
|
||||||
|
"id": "197b25b76f19c73b2d58873c1b2fdab7d5a27a85",
|
||||||
|
"message": "Ok, swap files... le sigh\n",
|
||||||
|
"url": "https://tildegit.org/thunix/www/commit/197b25b76f19c73b2d58873c1b2fdab7d5a27a85",
|
||||||
|
"author": {
|
||||||
|
"name": "Ubergeek",
|
||||||
|
"email": "ubergeek@yourtilde.com",
|
||||||
|
"username": ""
|
||||||
|
},
|
||||||
|
"committer": {
|
||||||
|
"name": "Ubergeek",
|
||||||
|
"email": "ubergeek@yourtilde.com",
|
||||||
|
"username": ""
|
||||||
|
},
|
||||||
|
"verification": null,
|
||||||
|
"timestamp": "0001-01-01T00:00:00Z"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"repository": {
|
||||||
|
"id": 318,
|
||||||
|
"owner": {
|
||||||
|
"id": 80,
|
||||||
|
"login": "thunix",
|
||||||
|
"full_name": "Thunix Phoenix Project",
|
||||||
|
"email": "",
|
||||||
|
"avatar_url": "https://tildegit.org/avatars/9c7f723c8a7fefa9e29995eade157557",
|
||||||
|
"language": "",
|
||||||
|
"username": "thunix"
|
||||||
|
},
|
||||||
|
"name": "www",
|
||||||
|
"full_name": "thunix/www",
|
||||||
|
"description": "This is the code powering the website for thunix",
|
||||||
|
"empty": false,
|
||||||
|
"private": false,
|
||||||
|
"fork": false,
|
||||||
|
"parent": null,
|
||||||
|
"mirror": false,
|
||||||
|
"size": 4997,
|
||||||
|
"html_url": "https://tildegit.org/thunix/www",
|
||||||
|
"ssh_url": "git@ttm.sh:thunix/www.git",
|
||||||
|
"clone_url": "https://tildegit.org/thunix/www.git",
|
||||||
|
"website": "",
|
||||||
|
"stars_count": 0,
|
||||||
|
"forks_count": 3,
|
||||||
|
"watchers_count": 2,
|
||||||
|
"open_issues_count": 0,
|
||||||
|
"default_branch": "master",
|
||||||
|
"archived": false,
|
||||||
|
"created_at": "2018-12-24T11:54:44-05:00",
|
||||||
|
"updated_at": "2019-03-21T20:36:37-04:00",
|
||||||
|
"permissions": {
|
||||||
|
"admin": false,
|
||||||
|
"push": false,
|
||||||
|
"pull": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pusher": {
|
||||||
|
"id": 33,
|
||||||
|
"login": "ubergeek",
|
||||||
|
"full_name": "",
|
||||||
|
"email": "ubergeek@yourtilde.com",
|
||||||
|
"avatar_url": "https://secure.gravatar.com/avatar/113d65c375df5e67b1430596480549a6?d=identicon",
|
||||||
|
"language": "en-US",
|
||||||
|
"username": "ubergeek"
|
||||||
|
},
|
||||||
|
"sender": {
|
||||||
|
"id": 33,
|
||||||
|
"login": "ubergeek",
|
||||||
|
"full_name": "",
|
||||||
|
"email": "ubergeek@yourtilde.com",
|
||||||
|
"avatar_url": "https://secure.gravatar.com/avatar/113d65c375df5e67b1430596480549a6?d=identicon",
|
||||||
|
"language": "en-US",
|
||||||
|
"username": "ubergeek"
|
||||||
|
}
|
||||||
|
}';
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* gitea deploy webhook for thunix*/
|
||||||
|
/*
|
||||||
|
* So, this webhook current accepts hooks for www, ansible, and soon
|
||||||
* gopher. It's pretty extensible, and is currently written for gitea,
|
* gopher. It's pretty extensible, and is currently written for gitea,
|
||||||
* but things like gitlab, github, etc should be feasible, if not
|
* but things like gitlab, github, etc should be feasible, if not
|
||||||
* downright easy.
|
* downright easy.
|
||||||
|
@ -11,28 +98,29 @@
|
||||||
*
|
*
|
||||||
* Also, tildegit's IP address is hard-wired here, so we only accept
|
* Also, tildegit's IP address is hard-wired here, so we only accept
|
||||||
* hooks from tildegit. This will need that change, if it moves.
|
* hooks from tildegit. This will need that change, if it moves.
|
||||||
*/
|
|
||||||
|
|
||||||
/* security */
|
/* security */
|
||||||
$access_token = (string)'asdfghjkl';
|
$access_token = "secret";
|
||||||
$ansible_lastrun = '/dev/shm/ansible-hook-last-run';
|
$ansible_lastrun = '/dev/shm/ansible-hook-last-run';
|
||||||
$ansible_dropfile = '/dev/shm/run-ansible';
|
$ansible_dropfile = '/dev/shm/run-ansible';
|
||||||
$www_lastrun = '/dev/shm/www-hook-last-run';
|
$www_lastrun = '/dev/shm/www-hook-last-run';
|
||||||
$www_dropfile = '/dev/shm/run-www';
|
$www_dropfile = '/dev/shm/run-www';
|
||||||
$gopher_lastrun = '/dev/shm/gopher-hook-last-run';
|
$gopher_lastrun = '/dev/shm/gopher-hook-last-run';
|
||||||
$gopher_dropfile = '/dev/shm/run-gopher';
|
$gopher_dropfile = '/dev/shm/run-gopher';
|
||||||
//$remoteip = '195.201.242.48';
|
$allowedip = '195.201.242.48';
|
||||||
$remoteip = $_SERVER["REMOTE_ADDR"];
|
$remoteip = $_SERVER['REMOTE_ADDR'];
|
||||||
$allowedip = '195.201.242.48';
|
//$allowedip = '213.239.234.117';
|
||||||
$ratelimit = 300;
|
$ratelimit = 300;
|
||||||
|
|
||||||
/* get json data */
|
/* get json data */
|
||||||
$json = file_get_contents('php://input');
|
$json = file_get_contents('php://input');
|
||||||
$data = json_decode($json, true);
|
$data = json_decode($json, true);
|
||||||
|
|
||||||
|
|
||||||
/* check our token */
|
/* check our token */
|
||||||
$client_token = $data["secret"];
|
$client_token = $data["secret"];
|
||||||
if ((string)$client_token !== (string)$access_token)
|
//if ((string)$client_token !== (string)$access_token)
|
||||||
|
if ( strcmp($client_token, $access_token) !== 0 )
|
||||||
{
|
{
|
||||||
http_response_code(403);
|
http_response_code(403);
|
||||||
echo "HTTP 403 - Forbidden, P1.\n";
|
echo "HTTP 403 - Forbidden, P1.\n";
|
||||||
|
@ -40,7 +128,8 @@ if ((string)$client_token !== (string)$access_token)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check our source ip for the hook */
|
/* check our source ip for the hook */
|
||||||
if ($remoteip != $allowedip)
|
//if ($remoteip != $allowedip)
|
||||||
|
if ( strcmp($remoteip, $allowedip) !== 0 )
|
||||||
{
|
{
|
||||||
http_response_code(403);
|
http_response_code(403);
|
||||||
echo "HTTP 403 - Forbidden, P2.\n";
|
echo "HTTP 403 - Forbidden, P2.\n";
|
||||||
|
@ -54,7 +143,7 @@ if ($data["repository"]["full_name"] == 'thunix/ansible') {
|
||||||
// overlapping. Systemd shouldn't allow it, but we'll check
|
// overlapping. Systemd shouldn't allow it, but we'll check
|
||||||
// anyways
|
// anyways
|
||||||
if ( time () - filemtime ( $ansible_lastrun ) > $ratelimit ) {
|
if ( time () - filemtime ( $ansible_lastrun ) > $ratelimit ) {
|
||||||
touch ( $ansible_dropfile );
|
//touch ( $ansible_dropfile );
|
||||||
touch ( $ansible_lastrun );
|
touch ( $ansible_lastrun );
|
||||||
echo "HTTP 200 - Ansible webhook recieved.\n";
|
echo "HTTP 200 - Ansible webhook recieved.\n";
|
||||||
}
|
}
|
||||||
|
@ -71,7 +160,7 @@ if ($data["repository"]["full_name"] == 'thunix/ansible') {
|
||||||
elseif ($data["repository"]["full_name"] == 'thunix/www') {
|
elseif ($data["repository"]["full_name"] == 'thunix/www') {
|
||||||
syslog(LOG_INFO, 'WWW Webhook recieved.');
|
syslog(LOG_INFO, 'WWW Webhook recieved.');
|
||||||
if ( time () - filemtime ( $www_lastrun ) > $ratelimit ) {
|
if ( time () - filemtime ( $www_lastrun ) > $ratelimit ) {
|
||||||
touch ( $www_dropfile );
|
//touch ( $www_dropfile );
|
||||||
touch ( $www_lastrun );
|
touch ( $www_lastrun );
|
||||||
http_response_code(200);
|
http_response_code(200);
|
||||||
echo "HTTP 200 - WWW webhook recieved.\n";
|
echo "HTTP 200 - WWW webhook recieved.\n";
|
||||||
|
@ -84,10 +173,10 @@ elseif ($data["repository"]["full_name"] == 'thunix/www') {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hook for gopher. Not implemented on the backend yet.
|
// Hook for gopher. Not implemented on the backend yet.
|
||||||
elseif ($data["repository"]["full_name"] == 'thunix/gopher') {
|
elseif ($data["repository"]["full_name"] == 'thunix/thunix_gopher') {
|
||||||
syslog(LOG_INFO, 'Gopher Webhook recieved.');
|
syslog(LOG_INFO, 'Gopher Webhook recieved.');
|
||||||
if ( time () - filemtime ( $gopher_lastrun ) > $ratelimit ) {
|
if ( time () - filemtime ( $gopher_lastrun ) > $ratelimit ) {
|
||||||
touch ( $gopher_dropfile );
|
//touch ( $gopher_dropfile );
|
||||||
touch ( $gopher_lastrun );
|
touch ( $gopher_lastrun );
|
||||||
http_response_code(200);
|
http_response_code(200);
|
||||||
echo "HTTP 200 - Gopher webhook recieved.\n";
|
echo "HTTP 200 - Gopher webhook recieved.\n";
|
||||||
|
|
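Review bot: The token check in the `-11,28 +98,29` hunk now reads `if ( strcmp($client_token, $access_token) !== 0 )`, which is not a constant-time comparison and assumes `$data["secret"]` is a string, although `json_decode` yields null for a malformed body and a JSON array or number in `secret` would reach `strcmp` untyped. The strict `!== 0` does stop a null or error result from passing, but `if (!is_string($client_token) || !hash_equals($access_token, $client_token))` states the intent and is timing-safe. `$access_token = "secret";` in the same hunk looks like a placeholder; if the real value is edited into this file on the server, reading it from a file or environment variable outside the web root and the repository would keep it out of commits. Separately, the three later hunks comment out the `touch` of `$ansible_dropfile`, `$www_dropfile` and `$gopher_dropfile` while still updating the last-run file and answering 200, so as committed a valid hook appears to trigger no deploy; worth confirming this is not leftover test state. The body of the `if` continues outside the hunk.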