test hmac

Andras Bacsai 2023-06-13 15:37:55 +02:00
parent 8dbe3cfe0c
commit eca9f60d7d
4 changed files with 25 additions and 24 deletions


@ -92,7 +92,6 @@ public function __construct(
public function handle(): void
{
try {
ray()->clearScreen();
if ($this->application->deploymentType() === 'source') {
$this->source = $this->application->source->getMorphClass()::where('id', $this->application->source->id)->first();
}
@ -100,7 +99,7 @@ public function handle(): void
$this->workdir = "/artifacts/{$this->deployment_uuid}";
if ($this->pull_request_id !== 0) {
ray('Deploying pull/' . $this->pull_request_id . '/head for application: ' . $this->application->name);
ray('Deploying pull/' . $this->pull_request_id . '/head for application: ' . $this->application->name)->green();
if ($this->application->fqdn) {
$preview_fqdn = data_get($this->preview, 'fqdn');
$template = $this->application->preview_url_template;
@ -253,13 +252,13 @@ private function deploy()
"echo 'Starting deployment of {$this->application->git_repository}:{$this->application->git_branch}...'",
]);
$this->start_builder_image();
ray('Rollback Commit: ' . $this->rollback_commit);
ray('Rollback Commit: ' . $this->rollback_commit)->green();
if ($this->rollback_commit === 'HEAD') {
$this->clone_repository();
}
$this->build_image_name = "{$this->application->uuid}:{$this->git_commit}-build";
$this->production_image_name = "{$this->application->uuid}:{$this->git_commit}";
ray('Build Image Name: ' . $this->build_image_name . ' & Production Image Name:' . $this->production_image_name);
ray('Build Image Name: ' . $this->build_image_name . ' & Production Image Name:' . $this->production_image_name)->green();
if (!$this->force_rebuild) {
$this->execute_now([
"docker images -q {$this->application->uuid}:{$this->git_commit} 2>/dev/null",
@ -295,7 +294,7 @@ public function failed(): void
private function next(string $status)
{
if (!Str::of($this->application_deployment_queue->status)->startsWith('cancelled')) {
ray('Next Status: ' . $status);
ray('Next Status: ' . $status)->green();
$this->application_deployment_queue->update([
'status' => $status,
]);
@ -319,14 +318,14 @@ private function execute_in_builder(string $command)
private function generate_environment_variables($ports)
{
$environment_variables = collect();
ray('Generate Environment Variables');
ray('Generate Environment Variables')->green();
if ($this->pull_request_id === 0) {
ray($this->application->runtime_environment_variables);
ray($this->application->runtime_environment_variables)->green();
foreach ($this->application->runtime_environment_variables as $env) {
$environment_variables->push("$env->key=$env->value");
}
} else {
ray($this->application->runtime_environment_variables_preview);
ray($this->application->runtime_environment_variables_preview)->green();
foreach ($this->application->runtime_environment_variables_preview as $env) {
$environment_variables->push("$env->key=$env->value");
}
@ -451,7 +450,7 @@ private function generate_local_persistent_volumes()
}
$local_persistent_volumes[] = $volume_name . ':' . $persistentStorage->mount_path;
}
ray('local_persistent_volumes', $local_persistent_volumes);
ray('local_persistent_volumes', $local_persistent_volumes)->green();
return $local_persistent_volumes;
}
@ -581,13 +580,13 @@ private function execute_now(
} else {
$commandText = collect($command)->implode("\n");
}
ray('Executing command: ' . $commandText);
ray('Executing command: ' . $commandText)->green();
$this->activity->properties = $this->activity->properties->merge([
'command' => $commandText,
]);
$this->activity->save();
if ($isDebuggable && !$this->application->settings->is_debug_enabled) {
ray('Debugging is disabled for this application. Skipping command.');
ray('Debugging is disabled for this application. Skipping command.')->green();
$hideFromOutput = true;
}
$remote_process = resolve(RunRemoteProcess::class, [
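Review bot: The `ray($this->application->runtime_environment_variables)->green();` call in generate_environment_variables(), and its `_preview` twin, sends every runtime environment variable with its value to the Ray debug client, and `ray('Executing command: ' . $commandText)->green();` in execute_now() does the same for each command string. Such values usually include application secrets, so they leave the deployment job in clear text wherever Ray is enabled. I would log only the keys, e.g. `ray($this->application->runtime_environment_variables->pluck('key'))->green();` (assuming the property is a collection, as the `foreach` suggests), and drop or gate the command dump. The methods touched here begin and end outside the hunks shown.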


@ -34,7 +34,7 @@ public function run(): void
'app_id' => 292941,
'installation_id' => 37267016,
'client_id' => 'Iv1.220e564d2b0abd8c',
'client_secret' => '96b1b31f36ce0a34386d11798ff35b9b6d8aba3a',
'client_secret' => '116d1d80289f378410dd70ab4e4b81dd8d2c52b6',
'webhook_secret' => '326a47b49054f03288f800d81247ec9414d0abf3',
'private_key_id' => $private_key_2->id,
'team_id' => $root_team->id,
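Review bot: The new `client_secret` is a string literal in the seeder, next to a literal `webhook_secret`, so both the replaced and the replacement credential are now readable in the repository history. If they belong to a real GitHub App they should be treated as exposed and rotated on the GitHub side. The seeder should read them from configuration instead, e.g. `'client_secret' => env('GITHUB_APP_CLIENT_SECRET'),` (the variable name is a placeholder), with the same treatment for `webhook_secret`. run() continues outside this hunk.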


@ -61,7 +61,7 @@
$x_github_delivery = request()->header('X-GitHub-Delivery');
$x_github_event = Str::lower(request()->header('X-GitHub-Event'));
$x_github_hook_installation_target_id = request()->header('X-GitHub-Hook-Installation-Target-Id');
$x_hub_signature_256 = request()->header('X-Hub-Signature-256');
$x_hub_signature_256 = Str::after(request()->header('X-Hub-Signature-256'), 'sha256=');
$payload = request()->collect();
if ($x_github_event === 'ping') {
// Just pong
@ -72,13 +72,15 @@
return response('cool');
}
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->firstOrFail();
// TODO: Verify signature
// $webhook_secret = data_get($github_app, 'webhook_secret');
// $key = hash('sha256', $webhook_secret, true);
// $hmac = hash_hmac('sha256', request()->getContent(), $key);
// if (!hash_equals($hmac, $x_hub_signature_256)) {
// return response('not cool');
// }
$webhook_secret = data_get($github_app, 'webhook_secret');
$hmac = hash_hmac('sha256', request()->getContent(), $webhook_secret);
ray($hmac, $x_hub_signature_256)->blue();
if (config('app.env') !== 'local') {
if (!hash_equals($x_hub_signature_256, $hmac)) {
return response('not cool');
}
}
if ($x_github_event === 'push') {
$id = data_get($payload, 'repository.id');
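Review bot: The signature check is skipped whenever `config('app.env')` is `local`, so an instance running with that setting accepts unsigned webhooks; verification should fail closed in every environment, and a local test can sign its own payload with the seeded secret. The `ray($hmac, $x_hub_signature_256)->blue();` line also sends the expected HMAC to the debug client and should be removed once testing is done. I would reduce the block to `if (!hash_equals($hmac, (string) $x_hub_signature_256)) { return response('not cool', 401); }`, which puts the known value first, does not depend on the header being present, and returns an error status rather than 200. The `ping` branch above appears to return before any verification, and the handler continues outside the hunk.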

File diff suppressed because one or more lines are too long