test hmac
This commit is contained in:
Andras Bacsai
parent
8dbe3cfe0c
commit
eca9f60d7d
@ -92,7 +92,6 @@ public function __construct(
|
|||||||
public function handle(): void
|
public function handle(): void
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
ray()->clearScreen();
|
|
||||||
if ($this->application->deploymentType() === 'source') {
|
if ($this->application->deploymentType() === 'source') {
|
||||||
$this->source = $this->application->source->getMorphClass()::where('id', $this->application->source->id)->first();
|
$this->source = $this->application->source->getMorphClass()::where('id', $this->application->source->id)->first();
|
||||||
}
|
}
|
||||||
@ -100,7 +99,7 @@ public function handle(): void
|
|||||||
$this->workdir = "/artifacts/{$this->deployment_uuid}";
|
$this->workdir = "/artifacts/{$this->deployment_uuid}";
|
||||||
|
|
||||||
if ($this->pull_request_id !== 0) {
|
if ($this->pull_request_id !== 0) {
|
||||||
ray('Deploying pull/' . $this->pull_request_id . '/head for application: ' . $this->application->name);
|
ray('Deploying pull/' . $this->pull_request_id . '/head for application: ' . $this->application->name)->green();
|
||||||
if ($this->application->fqdn) {
|
if ($this->application->fqdn) {
|
||||||
$preview_fqdn = data_get($this->preview, 'fqdn');
|
$preview_fqdn = data_get($this->preview, 'fqdn');
|
||||||
$template = $this->application->preview_url_template;
|
$template = $this->application->preview_url_template;
|
||||||
@ -253,13 +252,13 @@ private function deploy()
|
|||||||
"echo 'Starting deployment of {$this->application->git_repository}:{$this->application->git_branch}...'",
|
"echo 'Starting deployment of {$this->application->git_repository}:{$this->application->git_branch}...'",
|
||||||
]);
|
]);
|
||||||
$this->start_builder_image();
|
$this->start_builder_image();
|
||||||
ray('Rollback Commit: ' . $this->rollback_commit);
|
ray('Rollback Commit: ' . $this->rollback_commit)->green();
|
||||||
if ($this->rollback_commit === 'HEAD') {
|
if ($this->rollback_commit === 'HEAD') {
|
||||||
$this->clone_repository();
|
$this->clone_repository();
|
||||||
}
|
}
|
||||||
$this->build_image_name = "{$this->application->uuid}:{$this->git_commit}-build";
|
$this->build_image_name = "{$this->application->uuid}:{$this->git_commit}-build";
|
||||||
$this->production_image_name = "{$this->application->uuid}:{$this->git_commit}";
|
$this->production_image_name = "{$this->application->uuid}:{$this->git_commit}";
|
||||||
ray('Build Image Name: ' . $this->build_image_name . ' & Production Image Name:' . $this->production_image_name);
|
ray('Build Image Name: ' . $this->build_image_name . ' & Production Image Name:' . $this->production_image_name)->green();
|
||||||
if (!$this->force_rebuild) {
|
if (!$this->force_rebuild) {
|
||||||
$this->execute_now([
|
$this->execute_now([
|
||||||
"docker images -q {$this->application->uuid}:{$this->git_commit} 2>/dev/null",
|
"docker images -q {$this->application->uuid}:{$this->git_commit} 2>/dev/null",
|
||||||
@ -295,7 +294,7 @@ public function failed(): void
|
|||||||
private function next(string $status)
|
private function next(string $status)
|
||||||
{
|
{
|
||||||
if (!Str::of($this->application_deployment_queue->status)->startsWith('cancelled')) {
|
if (!Str::of($this->application_deployment_queue->status)->startsWith('cancelled')) {
|
||||||
ray('Next Status: ' . $status);
|
ray('Next Status: ' . $status)->green();
|
||||||
$this->application_deployment_queue->update([
|
$this->application_deployment_queue->update([
|
||||||
'status' => $status,
|
'status' => $status,
|
||||||
]);
|
]);
|
||||||
@ -319,14 +318,14 @@ private function execute_in_builder(string $command)
|
|||||||
private function generate_environment_variables($ports)
|
private function generate_environment_variables($ports)
|
||||||
{
|
{
|
||||||
$environment_variables = collect();
|
$environment_variables = collect();
|
||||||
ray('Generate Environment Variables');
|
ray('Generate Environment Variables')->green();
|
||||||
if ($this->pull_request_id === 0) {
|
if ($this->pull_request_id === 0) {
|
||||||
ray($this->application->runtime_environment_variables);
|
ray($this->application->runtime_environment_variables)->green();
|
||||||
foreach ($this->application->runtime_environment_variables as $env) {
|
foreach ($this->application->runtime_environment_variables as $env) {
|
||||||
$environment_variables->push("$env->key=$env->value");
|
$environment_variables->push("$env->key=$env->value");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ray($this->application->runtime_environment_variables_preview);
|
ray($this->application->runtime_environment_variables_preview)->green();
|
||||||
foreach ($this->application->runtime_environment_variables_preview as $env) {
|
foreach ($this->application->runtime_environment_variables_preview as $env) {
|
||||||
$environment_variables->push("$env->key=$env->value");
|
$environment_variables->push("$env->key=$env->value");
|
||||||
}
|
}
|
||||||
@ -451,7 +450,7 @@ private function generate_local_persistent_volumes()
|
|||||||
}
|
}
|
||||||
$local_persistent_volumes[] = $volume_name . ':' . $persistentStorage->mount_path;
|
$local_persistent_volumes[] = $volume_name . ':' . $persistentStorage->mount_path;
|
||||||
}
|
}
|
||||||
ray('local_persistent_volumes', $local_persistent_volumes);
|
ray('local_persistent_volumes', $local_persistent_volumes)->green();
|
||||||
return $local_persistent_volumes;
|
return $local_persistent_volumes;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -581,13 +580,13 @@ private function execute_now(
|
|||||||
} else {
|
} else {
|
||||||
$commandText = collect($command)->implode("\n");
|
$commandText = collect($command)->implode("\n");
|
||||||
}
|
}
|
||||||
ray('Executing command: ' . $commandText);
|
ray('Executing command: ' . $commandText)->green();
|
||||||
$this->activity->properties = $this->activity->properties->merge([
|
$this->activity->properties = $this->activity->properties->merge([
|
||||||
'command' => $commandText,
|
'command' => $commandText,
|
||||||
]);
|
]);
|
||||||
$this->activity->save();
|
$this->activity->save();
|
||||||
if ($isDebuggable && !$this->application->settings->is_debug_enabled) {
|
if ($isDebuggable && !$this->application->settings->is_debug_enabled) {
|
||||||
ray('Debugging is disabled for this application. Skipping command.');
|
ray('Debugging is disabled for this application. Skipping command.')->green();
|
||||||
$hideFromOutput = true;
|
$hideFromOutput = true;
|
||||||
}
|
}
|
||||||
$remote_process = resolve(RunRemoteProcess::class, [
|
$remote_process = resolve(RunRemoteProcess::class, [
|
||||||
|
|||||||
@ -34,7 +34,7 @@ public function run(): void
|
|||||||
'app_id' => 292941,
|
'app_id' => 292941,
|
||||||
'installation_id' => 37267016,
|
'installation_id' => 37267016,
|
||||||
'client_id' => 'Iv1.220e564d2b0abd8c',
|
'client_id' => 'Iv1.220e564d2b0abd8c',
|
||||||
'client_secret' => '96b1b31f36ce0a34386d11798ff35b9b6d8aba3a',
|
'client_secret' => '116d1d80289f378410dd70ab4e4b81dd8d2c52b6',
|
||||||
'webhook_secret' => '326a47b49054f03288f800d81247ec9414d0abf3',
|
'webhook_secret' => '326a47b49054f03288f800d81247ec9414d0abf3',
|
||||||
'private_key_id' => $private_key_2->id,
|
'private_key_id' => $private_key_2->id,
|
||||||
'team_id' => $root_team->id,
|
'team_id' => $root_team->id,
|
||||||
|
|||||||
@ -61,7 +61,7 @@
|
|||||||
$x_github_delivery = request()->header('X-GitHub-Delivery');
|
$x_github_delivery = request()->header('X-GitHub-Delivery');
|
||||||
$x_github_event = Str::lower(request()->header('X-GitHub-Event'));
|
$x_github_event = Str::lower(request()->header('X-GitHub-Event'));
|
||||||
$x_github_hook_installation_target_id = request()->header('X-GitHub-Hook-Installation-Target-Id');
|
$x_github_hook_installation_target_id = request()->header('X-GitHub-Hook-Installation-Target-Id');
|
||||||
$x_hub_signature_256 = request()->header('X-Hub-Signature-256');
|
$x_hub_signature_256 = Str::after(request()->header('X-Hub-Signature-256'), 'sha256=');
|
||||||
$payload = request()->collect();
|
$payload = request()->collect();
|
||||||
if ($x_github_event === 'ping') {
|
if ($x_github_event === 'ping') {
|
||||||
// Just pong
|
// Just pong
|
||||||
@ -72,13 +72,15 @@
|
|||||||
return response('cool');
|
return response('cool');
|
||||||
}
|
}
|
||||||
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->firstOrFail();
|
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->firstOrFail();
|
||||||
// TODO: Verify signature
|
|
||||||
// $webhook_secret = data_get($github_app, 'webhook_secret');
|
$webhook_secret = data_get($github_app, 'webhook_secret');
|
||||||
// $key = hash('sha256', $webhook_secret, true);
|
$hmac = hash_hmac('sha256', request()->getContent(), $webhook_secret);
|
||||||
// $hmac = hash_hmac('sha256', request()->getContent(), $key);
|
ray($hmac, $x_hub_signature_256)->blue();
|
||||||
// if (!hash_equals($hmac, $x_hub_signature_256)) {
|
if (config('app.env') !== 'local') {
|
||||||
// return response('not cool');
|
if (!hash_equals($x_hub_signature_256, $hmac)) {
|
||||||
// }
|
return response('not cool');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($x_github_event === 'push') {
|
if ($x_github_event === 'push') {
|
||||||
$id = data_get($payload, 'repository.id');
|
$id = data_get($payload, 'repository.id');
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user