Main RocketGit repo
/inc/wh/amazon.inc.php (043de177ae890014a7aa5311804278d9691dd6f5) (11234 bytes) (mode 100644) (type blob)
<?php
/*
* Builds the signature for a request
*/
function rg_amazon_auth($a)
{
rg_prof_start('amazon_auth');
rg_log_enter('amazon_auth');
rg_log_ml('a: ' . rg_array2string($a));
$ret = array('ok' => 0);
while (1) {
if (!isset($a['service']))
$service = '';
else
$service = $a['service'];
// Must be ordered!
$ret['query_string'] = '';
if (!isset($a['query_string'])) {
$ret['query_string'] = '';
} else if (is_array($a['query_string'])) {
ksort($a['query_string']);
$add = '';
foreach ($a['query_string'] as $k => $v) {
$ret['query_string'] .= $add
. urlencode($k) . '='
. urlencode($v);
$add = '&';
}
} else {
$ret['query_string'] = $a['query_string'];
}
if (strcmp($a['method'], 'GET') == 0) {
$qs = $ret['query_string'];
$ret['query_string'] = '';
} else {
$qs = '';
}
rg_log_debug('ret[query_string]=' . $ret['query_string']);
if (!empty($a['content'])) {
$a['x-amz-content-sha256'] = hash('sha256', $a['content'], TRUE);
rg_log_debug('a[content] is set to: ' . $a['content']);
$a['iheaders']['x-amz-content-sha256'] =
bin2hex($a['x-amz-content-sha256']);
} else {
$a['x-amz-content-sha256'] = hash('sha256',
$ret['query_string'], TRUE);
rg_log_debug('a[content] is not set');
}
rg_log_debug('a[iheaders]: ' . rg_array2string($a['iheaders']));
$iheaders_final = array();
$iheaders_list = array();
foreach ($a['iheaders'] as $head => $val) {
$iheaders_final[] = strtolower($head)
. ':' . trim($val);
$iheaders_list[] = strtolower($head);
}
asort($iheaders_list);
asort($iheaders_final);
$iheaders_list = implode(';', $iheaders_list);
$iheaders_final = implode("\n", $iheaders_final) . "\n\n";
$ret['iheaders'] = $a['iheaders'];
$canonical_request = $a['method'] . "\n"
. $a['url'] . urlencode($a['file']) . "\n"
. $qs . "\n"
. $iheaders_final
. $iheaders_list . "\n"
. bin2hex($a['x-amz-content-sha256']);
rg_log_debug('canonical_request:' . "\n" . $canonical_request
. "\n" . '===');
$string_to_sign = 'AWS4-HMAC-SHA256' . "\n"
. $a['x-amz-date'] . "\n"
. gmdate('Ymd', $a['ts'])
. '/' . $a['region']
. '/' . $service
. '/' . 'aws4_request'
. "\n"
. hash('sha256', $canonical_request);
rg_log_ml('string_to_sign:' . "\n" . $string_to_sign
. "\n" . '===');
rg_log_debug('secret_access_key=' . $a['secret_access_key'] . '.');
$date_key = hash_hmac('sha256', gmdate('Ymd', $a['ts']),
'AWS4' . $a['secret_access_key'], TRUE);
rg_log_debug('date_key=' . bin2hex($date_key));
$date_region_key = hash_hmac('sha256', $a['region'],
$date_key, TRUE);
rg_log_debug('date_region_key=' . bin2hex($date_region_key));
$date_region_service_key = hash_hmac('sha256',
$service, $date_region_key, TRUE);
rg_log_debug('service=' . $service . ' date_region_service_key=' . bin2hex($date_region_service_key));
$signing_key = hash_hmac('sha256', 'aws4_request',
$date_region_service_key, TRUE);
rg_log_debug('signing_key=' . bin2hex($signing_key));
$signature = hash_hmac('sha256', $string_to_sign, $signing_key);
rg_log_debug('signature=' . $signature);
$cred = $a['access_key_id']
. '/' . gmdate('Ymd', $a['ts'])
. '/' . $a['region']
. '/' . $service
. '/aws4_request';
$ret['data'] = 'AWS4-HMAC-SHA256'
. ' Credential=' . $cred
. ', SignedHeaders=' . $iheaders_list
. ', Signature=' . $signature;
$ret['ok'] = 1;
break;
}
rg_log_exit();
rg_prof_end('amazon_auth');
return $ret;
}
/*
* Generic curl helper
*/
function rg_amazon_curl($url, $method, $headers, $data)
{
rg_log_ml('amazon_curl: data: START' . "\n"
. rg_array2string($data) . "\n" . 'END');
$ret = array('ok' => 0);
while (1) {
if (strcmp($method, 'GET') == 0) {
if (!strstr($url, '?'))
$url .= '?';
$url .= $data;
}
$c = curl_init($url);
if ($c === FALSE) {
$ret['errmsg'] = 'cannot init curl';
break;
}
curl_setopt($c, CURLOPT_CUSTOMREQUEST, $method);
if (strcmp($method, 'GET') != 0) {
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $data);
}
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
//curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_USERAGENT, 'RocketGit Cloud client');
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($c, CURLOPT_ENCODING, ''); // => use all methods
curl_setopt($c, CURLOPT_VERBOSE, TRUE);
curl_setopt($c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
//curl_setopt($c, CURLOPT_CERTINFO, TRUE);
$err = @fopen('php://temp', 'w');
if ($err !== FALSE)
curl_setopt($c, CURLOPT_STDERR, $err);
$r = curl_exec($c);
rg_log_debug('curl_exec returned: ' . $r);
if ($err !== FALSE) {
rewind($err);
$xerr = @fread($err, 16 * 4096);
fclose($err);
$ret['debug'] = $xerr;
rg_log_debug('xerr=' . "\n" . $xerr);
}
if ($r === FALSE) {
$ret['errmsg'] = curl_error($c);
$_info = curl_getinfo($c);
rg_log_debug('_info: ' . rg_array2string($_info));
break;
}
$_info = curl_getinfo($c);
rg_log_debug('_info: ' . rg_array2string($_info));
if (($_info['http_code'] != 200)
&& ($_info['http_code'] != 301)) {
$ret['errmsg'] = $r;
break;
}
$ret['ok'] = 1;
$ret['answer'] = $r;
break;
}
curl_close($c);
return $ret;
}
/*
* Make a generic request to the amazon
*/
function rg_amazon_req($a)
{
rg_prof_start('amazon_req');
rg_log_enter('amazon_req');
rg_log_debug('a:' . rg_array2string($a));
$ret = array('ok' => 0);
while (1) {
if (!isset($a['url']))
$a['url'] = '/';
if (!isset($a['file']))
$a['file'] = '';
if (!empty($a['file']))
$a['file'] = $a['file'];
$url = 'https://' . $a['host'] . $a['url'] . $a['file'];
$a['region'] = trim(strtolower($a['region']));
if (!isset($a['ts']))
$a['ts'] = time();
$a['x-amz-date'] = gmdate('Ymd', $a['ts'])
. 'T' . gmdate('His', $a['ts']) . 'Z';
$a['host'] = trim(strtolower($a['host']));
$a['service'] = trim(strtolower($a['service']));
if (!isset($a['iheaders']))
$a['iheaders'] = array();
$a['iheaders']['Host'] = $a['host'];
$a['iheaders']['x-amz-date'] = $a['x-amz-date'];
$auth = rg_amazon_auth($a);
if ($auth['ok'] != 1) {
$ret['errmsg'] = $auth['error'];
break;
}
$headers = array();
if (isset($a['content_type']))
$headers[] = 'Content-Type: ' . $a['content_type'];
$headers[] = 'Authorization: ' . $auth['data'];
foreach ($auth['iheaders'] as $head => $val)
$headers[] = $head . ': ' . $val;
rg_log_debug('HEADERS:' . rg_array2string($headers));
$ret = rg_amazon_curl($url, $a['method'], $headers,
$a['content']);
break;
}
rg_log_exit();
rg_prof_end('amazon_req');
return $ret;
}
/*
*
* @bucket contains the domain part (s3.amazonaws.com for example)
*/
function rg_amazon_s3_put_object($a, $content)
{
rg_prof_start('amazon_s3_put_object');
rg_log_enter('amazon_s3_put_object');
rg_log_ml('a: ' . rg_array2string($a));
$ret = array('ok' => 0);
while (1) {
$a['service'] = 's3';
$a['method'] = 'PUT';
$a['host'] = $a['bucket'] . '.' . $a['service'] . '.'
. $a['region'] . '.amazonaws.com';
$a['content'] = $content;
$ret = rg_amazon_req($a);
break;
}
rg_log_exit();
rg_prof_end('amazon_s3_put_object');
return $ret;
}
/*
* Create a code deploy
* http://docs.aws.amazon.com/codedeploy/latest/APIReference/API_CreateDeployment.html
*/
function rg_amazon_codedeploy_create($a)
{
rg_prof_start('amazon_codedeploy_create');
rg_log_enter_ml('amazon_codedeploy_create');
if (empty($a['deployment_config_name']))
$a['deployment_config_name'] = 'CodeDeployDefault.OneAtATime';
// do the codedeploy - we may want to add "version" to "s3Location"
$json = '{'
. '"applicationName": ' . rg_json_escape($a['application_name'])
. ', "deploymentGroupName": ' . rg_json_escape($a['deployment_group_name'])
. ', "description": "test description"'
. ', "deploymentConfigName": ' . rg_json_escape($a['deployment_config_name'])
. ', "ignoreApplicationStopFailures": ' . (strchr($a['flags'], 'I') ? 'true' : 'false')
. ', "revision": {'
. '"revisionType": "S3"'
. ', "s3Location": {'
. '"bundleType": "zip"'
. ', "bucket": ' . rg_json_escape($a['bucket'])
. ', "key": ' . rg_json_escape($a['file'])
. '}'
. '}'
. '}';
$ret = array('ok' => 0);
while (1) {
$a['service'] = 'codedeploy';
$a['method'] = 'POST';
$a['host'] = $a['service'] . '.' . $a['region'] . '.amazonaws.com';
$a['iheaders'] = array('x-amz-target' => 'CodeDeploy_20141006.CreateDeployment');
$a['content'] = $json;
$a['content_type'] = 'application/x-amz-json-1.1';
$ret = rg_amazon_req($a);
break;
}
rg_log_exit();
rg_prof_end('amazon_codedeploy_create');
return $ret;
}
/*
* Calls an Amazon Lambda function
* http://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html
*/
function rg_amazon_lambda_invoke($a)
{
rg_prof_start('amazon_lambda_invoke');
rg_log_enter_ml('amazon_lambda_invoke');
if (!isset($a['invocation_type']))
$a['invocation_type'] = 'RequestResponse';
$ret = array('ok' => 0);
while (1) {
$a['service'] = 'lambda';
$a['method'] = 'POST';
$a['url'] = '/2015-03-31/functions/' . $a['function']
. '/invocations';
$a['host'] = $a['service'] . '.' . $a['region'] . '.amazonaws.com';
$a['iheaders'] = array(
'x-Amz-Invocation-Type' => $a['invocation_type'],
'x-Amz-Log-Type' => 'Tail');
$a['content'] = $a['payload'];
$ret = rg_amazon_req($a);
break;
}
rg_log_exit();
rg_prof_end('amazon_lambda_invoke');
return $ret;
}
/*
* Generic cosmetic for Amazon
*/
function rg_wh_amazon_cosmetic(&$row)
{
$a = $row['idata']['access_key_id'];
$row['idata']['HTML:access_key_id_secure'] =
rg_xss_safe(substr($a, 0, 1) . '...' . substr($a, -1, 1));
$a = $row['idata']['secret_access_key'];
$row['idata']['HTML:secret_access_key_secure'] =
rg_xss_safe(substr($a, 0, 1) . '...' . substr($a, -1, 1));
}
/*
* Generic fill_vars for Amazon
*/
function rg_wh_amazon_fill_vars(&$a)
{
$a['access_key_id'] = trim(rg_var_str('wh::idata::access_key_id'));
$a['secret_access_key'] = trim(rg_var_str('wh::idata::secret_access_key'));
$a['region'] = trim(rg_var_str('wh::idata::region'));
}
/*
* Generic validation for Amazon
*/
function rg_wh_amazon_validate_vars($a, &$errmsg)
{
$ret = FALSE;
while (1) {
if (empty($a['access_key_id'])) {
$errmsg[] = rg_template('user/settings/wh/amazon/inv_access_key_id.txt',
$rg, TRUE /*xss*/);
break;
}
if (empty($a['secret_access_key'])) {
$errmsg[] = rg_template('user/settings/wh/amazon/inv_secret_access_key.txt',
$rg, TRUE /*xss*/);
break;
}
if (empty($a['region'])) {
$errmsg[] = rg_template('user/settings/wh/amazon/inv_region.txt',
$rg, TRUE /*xss*/);
break;
}
$ret = TRUE;
break;
}
return $ret;
}
/*
* Generic default_paras for Amazon
*/
function rg_wh_amazon_default_paras(&$a)
{
if (!isset($a['region']))
$a['region'] = '';
if (!isset($a['access_key_id']))
$a['access_key_id'] = '';
if (!isset($a['secret_access_key']))
$a['secret_access_key'] = '';
}
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 108 | acc2186b1d357966e09df32afcea14933f5f0c78 | .gitignore |
| 100644 | blob | 375 | 1f425bcd2049c526744d449511094fc045ceac74 | AUTHORS |
| 100644 | blob | 2375 | 07d4a2277dd1c385e2562a9ac7c636bcdd084c18 | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 3632 | f216d8f6ca7180c095ee4fcbe96d8fc2ca2b0dee | Makefile.in |
| 100644 | blob | 5325 | 96c40d868ce10b715299085ccffb30f96a730cf3 | README |
| 100644 | blob | 192509 | 58df4c67a312c3a7dc7d0f102b55e90b9127bc87 | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 967 | 56bbaa7c937381fb10a2907b6bbe056ef8cc824a | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 5328 | d5be4cc3f15d059ad8d267d800c602e9774816a8 | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 0a74883db0753f35db9a227ed8f0f46e3c8b1746 | debian |
| 040000 | tree | - | fa4b417ddd8b9684c764ea6f1c96065c4d9427b1 | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 18252 | e2438615edba7066a730ed6a796a5302263f1f37 | duilder |
| 100644 | blob | 536 | 4d35fc700881fc03e043a4c22d8770baa298d093 | duilder.conf |
| 040000 | tree | - | 73914e7faf49474a12b29e936ae77006254cc1a1 | hooks |
| 040000 | tree | - | 343af578d66f98094554d1c45d863a21f2dfbf2f | inc |
| 040000 | tree | - | e255ce234c3993998edc12bc7e93fff555376eda | misc |
| 100644 | blob | 6307 | 67d5e75076766ad844969abaff446face8ca9eff | rocketgit.spec |
| 040000 | tree | - | 459cf6e889bc65568b4fe8d99774380bd2844b39 | root |
| 040000 | tree | - | b6db32295abaf3229561581e7577da53af8caf47 | samples |
| 040000 | tree | - | 3e6d3d08c1a0baea952bada0f36e29ad9f82d778 | scripts |
| 040000 | tree | - | 454044f7e286fe13ec18598fce6b613190f52e5e | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | d9260d3cf0d6490be720312893600a8041bf991b | techdocs |
| 040000 | tree | - | fae18775ac52de4a170fcd1baa733433f31b9559 | tests |
| 040000 | tree | - | e810d7397575886ef495708d571eb3675f6928ba | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!