Ok, giving up, splitting the hooks

2019-03-22 00:34:33 +00:00 · 2019-03-22 00:34:33 +00:00 · c5cb06676e
parent 4bb5d5b08e
commit c5cb06676e
2 changed files with 92 additions and 0 deletions
--- a/ansible-hook.php
+++ b/ansible-hook.php
@ -0,0 +1,46 @@
+<?php
+/* gitea deploy webhook */
+
+/* security */
+$access_token     = 'abcdefg';
+$www_lastrun      = '/dev/shm/www-hook-last-run';
+$www_dropfile     = '/dev/shm/run-www';
+$remoteip         = $_SERVER['REMOTE_ADDR'];
+$allowedip        = "195.201.242.48";
+$ratelimit        = 300;
+
+/* get json data */
+$json = file_get_contents('php://input');
+$data = json_decode($json, true);
+
+$client_token = $data["secret"];
+if ($client_token === $access_token)
+{
+    http_response_code(403);
+    echo "HTTP 403 - Forbidden, P1.";
+    die();
+}
+
+if ($remoteip != $allowedip)
+{
+    http_response_code(403);
+    echo "HTTP 403 - Forbidden, P2.";
+    //echo '\n' . $remoteip . " " . $allowedip;
+    die();
+}
+
+syslog(LOG_INFO, 'WWW Webhook recieved.');
+        if ( time () - filemtime ( $www_lastrun ) > $ratelimit ) {
+                touch ( $www_dropfile );
+                touch ( $www_lastrun );
+                echo "HTTP 200 - WWW webhook recieved.";
+                die();
+        }
+        else {
+                http_response_code(429);
+                echo "HTTP 429 - Rate Limited.";
+                die();
+                }
+        die();
+
+?>
--- a/www-hook.php
+++ b/www-hook.php
@ -0,0 +1,46 @@
+<?php
+/* gitea deploy webhook */
+
+/* security */
+$access_token     = 'abcdefg';
+$ansible_lastrun  = '/dev/shm/ansible-hook-last-run';
+$ansible_dropfile = '/dev/shm/run-ansible';
+$remoteip         = $_SERVER['REMOTE_ADDR'];
+$allowedip        = "195.201.242.48";
+$ratelimit        = 300;
+
+/* get json data */
+$json = file_get_contents('php://input');
+$data = json_decode($json, true);
+
+$client_token = $data["secret"];
+if ($client_token === $access_token)
+{
+    http_response_code(403);
+    echo "HTTP 403 - Forbidden, P1.";
+    die();
+}
+
+if ($remoteip != $allowedip)
+{
+    http_response_code(403);
+    echo "HTTP 403 - Forbidden, P2.";
+    //echo '\n' . $remoteip . " " . $allowedip;
+    die();
+}
+
+syslog(LOG_INFO, 'Ansible Webhook recieved.');
+        if ( time () - filemtime ( $ansible_lastrun ) > $ratelimit ) {
+                touch ( $ansible_dropfile );
+                touch ( $ansible_lastrun );
+                echo "HTTP 200 - Ansible webhook recieved.";
+                die();
+        }
+        else {
+                http_response_code(429);
+                echo "HTTP 429 - Rate Limited.";
+                die();
+                }
+        die();
+
+?>