lasthourcloud/bootstrap/helpers/github.php
Andras Bacsai 767824f2f7 fix
2023-06-14 11:03:54 +02:00

81 lines
3.3 KiB
PHP

<?php
use App\Models\GithubApp;
use App\Models\GitlabApp;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Http;
use Lcobucci\JWT\Encoding\ChainedFormatter;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token\Builder;
function generate_github_installation_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now)
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
$token = Http::withHeaders([
'Authorization' => "Bearer $issuedToken",
'Accept' => 'application/vnd.github.machine-man-preview+json'
])->post("{$source->api_url}/app/installations/{$source->installation_id}/access_tokens");
if ($token->failed()) {
throw new \Exception("Failed to get access token for " . $source->name . " with error: " . $token->json()['message']);
}
return $token->json()['token'];
}
function generate_github_jwt_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now->modify('-1 minute'))
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
return $issuedToken;
}
function git_api(GithubApp|GitlabApp $source, string $endpoint, string $method = 'get', array|null $data = null, bool $throwError = true)
{
if ($source->getMorphClass() == 'App\Models\GithubApp') {
if ($source->is_public) {
$response = Http::github($source->api_url)->$method($endpoint);
} else {
$github_access_token = generate_github_installation_token($source);
if ($data && ($method === 'post' || $method === 'patch' || $method === 'put')) {
$response = Http::github($source->api_url, $github_access_token)->$method($endpoint, $data);
} else {
$response = Http::github($source->api_url, $github_access_token)->$method($endpoint);
}
}
}
$json = $response->json();
if ($response->failed() && $throwError) {
throw new \Exception("Failed to get data from {$source->name} with error: " . $json['message']);
}
return [
'rate_limit_remaining' => $response->header('X-RateLimit-Remaining'),
'data' => collect($json)
];
}
function get_installation_path(GithubApp $source)
{
$github = GithubApp::where('uuid', $source->uuid)->first();
$name = Str::of(Str::kebab($github->name));
$installation_path = $github->html_url === 'https://github.com' ? 'apps' : 'github-apps';
return "$github->html_url/$installation_path/$name/installations/new";
}