Main RocketGit repo
/inc/wh/http.inc.php (d6182c36deb9e8c2591859202bc57be4a673ff92) (10161 bytes) (mode 100644) (type blob)
<?php
require_once($INC . "/util.inc.php");
require_once($INC . "/log.inc.php");
require_once($INC . "/sql.inc.php");
require_once($INC . "/prof.inc.php");
require_once($INC . "/events.inc.php");
require_once($INC . "/wh/core.inc.php");
$rg_wh_http_functions = array(
'wh_http_send' => 'rg_wh_http_send',
'wh_http_send_one' => 'rg_wh_http_send_one'
);
rg_event_register_functions($rg_wh_http_functions);
/*
* Helper for rg_wh_http_send
*/
function rg_wh_http_send_one($db, $event)
{
rg_prof_start('wh_http_send_helper');
$wh = &$event['wh'];
// replace ##tags##
rg_wh_replace_tags($event);
//if ($wh['idata']['debug'] == 1)
rg_log_ml('wh_http_send_one: event: ' . print_r($event, TRUE));
$headers = array();
while (!empty($wh['idata']['key'])) {
if ($wh['idata']['itype'] == 0)
break;
$headers[] = 'X-RocketGit-Signature: '
. hash_hmac('sha512', $wh['idata']['final'], $wh['idata']['key']);
break;
}
$c = curl_init($wh['idata']['url']);
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $wh['idata']['final']);
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_USERAGENT, 'RocketGit WebHook');
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($c, CURLOPT_ENCODING, ''); // => use all methods
curl_setopt($c, CURLOPT_VERBOSE, TRUE);
curl_setopt($c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
//curl_setopt($c, CURLOPT_CERTINFO, TRUE);
// Else, a second wh, without client cert can use the connection:
curl_setopt($c, CURLOPT_FORBID_REUSE, TRUE);
$err = @fopen('php://temp', 'w');
if ($err !== FALSE)
curl_setopt($c, CURLOPT_STDERR, $err);
if (strchr($wh['flags'], 'I'))
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);
if (strchr($wh['flags'], 'H'))
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0); // TODO verify 0 is a good value (default 2)
$ret = FALSE;
$cert_file = FALSE;
$ca_file = FALSE;
while (1) {
$xid = rg_id(8);
if (!empty($wh['idata']['client_cert'])) {
rg_log('DEBUG: will provide client cert...');
$f = 'wh-' . $event['ui']['uid'] . '-' . $wh['id'] . '-client-' . $xid;
$cert_file = rg_tmp_file($f, $wh['idata']['client_cert']);
if ($cert_file === FALSE)
break;
curl_setopt($c, CURLOPT_SSLCERT, $cert_file);
} else {
rg_log('DEBUG: will NOT provide client cert...');
// TODO: Somehow, without next line, the cert is still sent!
curl_setopt($c, CURLOPT_SSLCERT, FALSE);
}
if (!empty($wh['idata']['client_ca_cert'])) {
$f = 'wh-' . $event['ui']['uid'] . '-' . $wh['id'] . '-ca-' . $xid;
$ca_file = rg_tmp_file($f, $wh['idata']['client_ca_cert']);
if ($ca_file === FALSE)
break;
curl_setopt($c, CURLOPT_CAINFO, $ca_file);
}
$xerr = 'Date (UTC): '
. gmdate('Y-m-d H:i') . "\n";
$xerr .= "\n";
$r = @curl_exec($c);
if ($err !== FALSE) {
rewind($err);
$xerr .= @fread($err, 16 * 4096);
fclose($err);
rg_log_ml('xerr: ' . $xerr);
}
if ($r === FALSE) {
rg_log('Cannot execute curl: ' . curl_error($c) . '.');
$_info = @curl_getinfo($c);
rg_log_ml('curl_getinfo: ' . print_r($_info, TRUE));
if ($wh['idata']['debug'] == 1)
rg_cache_set('DEBUG::' . $event['ui']['uid']
. '::webhooks::' . $wh['idata']['opaque']
. '::' . $wh['id'],
'BAD', RG_SOCKET_NO_WAIT);
break;
}
rg_log_ml('Answer: ' . print_r($r, TRUE));
$xerr .= $r;
if ($wh['idata']['debug'] == 1)
rg_cache_set('DEBUG::' . $event['ui']['uid']
. '::webhooks::' . $wh['idata']['opaque']
. '::' . $wh['id'],
'OK', RG_SOCKET_NO_WAIT);
$ret = array();
break;
}
curl_close($c);
if ($cert_file !== FALSE)
@unlink($cert_file);
if ($ca_file !== FALSE)
@unlink($ca_file);
rg_wh_set_last_output($db, $event['ui']['uid'], $wh['id'], $xerr);
rg_prof_end('wh_http_send_helper');
return $ret;
}
/*
* Generic function which will be called when a webhook must be run
*/
function rg_wh_http_send($db, $event)
{
rg_prof_start('wh_http_send');
rg_log_ml('wh_http_send: event: ' . print_r($event, TRUE));
// First, get the list of hooks
$r = rg_wh_list($db, $event['ui']['uid']);
if ($r['ok'] != 1)
return FALSE;
$cache = array();
$ret = array();
// Filter
foreach ($r['list'] as $id => $wh) {
if (strcmp($wh['htype'], 'http') != 0)
continue;
// Diabled?
if (strchr($wh['flags'], 'D'))
continue;
// If the web hook does not contain our type, skip it
if (!strchr($wh['idata']['events'], $event['wh_event'])) {
rg_log('DEBUG: ' . $event['wh_event']
. ' is not present in '
. $wh['idata']['events']);
continue;
}
if (isset($event['ri']['name'])
&& !rg_wh_repo_match($wh['repo'], $event['ri']['name'])) {
rg_log('hook is not for this repo');
continue;
}
if (isset($event['refname'])
&& !rg_repo_compare_refs($wh['refname'], $event['refname'])) {
rg_log('hook is not for this ref');
continue;
}
if (!isset($wh['idata']['itype'])) {
rg_log_ml('wh: ' . print_r($wh, TRUE));
rg_internal_error('DEBUG: itype is not present');
continue;
}
$itype = $wh['idata']['itype'];
if (!isset($cache[$itype])) {
switch ($itype) {
case 0: // http post
$cache[$itype] = &$event['ri'];
break;
case 1: // php serialize
$cache[$itype] = serialize($event['ri']);
break;
case 2: // custom body
$cache[$itype] = $wh['idata']['custom_body'];
break;
default:
rg_log('Unknown type ' . $itype . '!');
$cache[$itype] = '';
break;
}
}
$wh['idata']['final'] = $cache[$itype];
$x = $event;
$x['category'] = 'wh_http_send_one';
$x['wh'] = $wh;
$x['debug'] = $wh['idata']['debug'];
$ret[] = $x;
}
rg_prof_end('wh_http_send');
return $ret;
}
$rg_wh_http_itypes = array(
0 => 'HTTP (application/x-www-form-urlencoded)',
1 => 'PHP serialize',
2 => 'Custom (use custom body field)'
);
/*
* Transforms a type into HTML select
*/
function rg_wh_http_select_itype($itype)
{
global $rg_wh_http_itypes;
$ret = '<select name="wh::idata::itype" id="itype">';
foreach ($rg_wh_http_itypes as $_itype => $name) {
$add = '';
if ($_itype == $itype)
$add = ' selected';
$ret .= '<option value="' . $_itype . '"' . $add . '>'
. $name
. '</option>' . "\n";
}
$ret .= '</select>' . "\n";
return $ret;
}
/*
* Returns type text based on id
*/
function rg_wh_http_itype($itype)
{
global $rg_wh_http_itypes;
foreach ($rg_wh_http_itypes as $_itype => $name)
if ($_itype == $itype)
return $name;
}
/*
* Some cosmetics applied to a webhook
*/
function rg_wh_http_cosmetic(&$row)
{
// TODO DEBUG remove the following 2 lines
if (!isset($row['idata']['itype']))
$row['idata']['itype'] = 0;
$row['idata']['itype_text'] = rg_wh_http_itype($row['idata']['itype']);
$row['idata']['HTML:client_cert_short'] =
rg_xss_safe(rg_cert_short($row['idata']['client_cert']));
$row['idata']['HTML:client_ca_cert_short'] =
rg_xss_safe(rg_cert_short($row['idata']['client_ca_cert']));
$row['idata']['HTML:custom_body_nlbr'] =
nl2br(rg_xss_safe($row['idata']['custom_body']));
// this must be last
$row['idata']['HTML:private'] = rg_template(
'user/settings/wh/http/show.html', $row['idata'], TRUE /*xss*/);
}
/*
* Fill private data based on parameters passed
*/
function rg_wh_http_fill_vars(&$rg)
{
$a = &$rg['wh']['idata'];
$a['url'] = trim(rg_var_str('wh::idata::url'));
$a['itype'] = rg_var_uint('wh::idata::itype');
$a['client_cert'] = trim(rg_var_str('wh::idata::client_cert'));
$a['client_ca_cert'] = trim(rg_var_str('wh::idata::client_ca_cert'));
$a['opaque'] = trim(rg_var_str('wh::idata::opaque'));
$a['key'] = trim(rg_var_str('wh::idata::key'));
$a['custom_body'] = trim(rg_var_str('wh::idata::custom_body'));
}
/*
* Validate parameters passed
*/
function rg_wh_http_validate_vars($rg, &$errmsg)
{
global $rg_wh_http_itypes;
$a = $rg['wh'];
$ret = FALSE;
while (1) {
if ((strncasecmp($a['idata']['url'], 'http', 4) != 0)
&& (strncasecmp($a['idata']['url'], 'https', 5) != 0)) {
$errmsg[] = rg_template('user/settings/wh/http/inv_proto.txt',
$rg, TRUE /*xss*/);
break;
}
if (!isset($rg_wh_http_itypes[$a['idata']['itype']])) {
$errmsg[] = rg_template('user/settings/wh/http/inv_type.txt',
$rg, TRUE /*xss*/);
break;
}
$ret = TRUE;
break;
}
return $ret;
}
/*
* Transfers to $rg the custom parameters - used when showing the form
*/
function rg_wh_http_add_form($db, &$rg)
{
$rg['HTML:select_itype'] = rg_wh_http_select_itype($rg['wh']['idata']['itype']);
$rg['HTML:custom_form'] = rg_template('user/settings/wh/http/form.html',
$rg, TRUE /*xss*/);
}
/*
* Add custom hints
*/
function rg_wh_http_fill_hints($rg, &$hints)
{
$hints[]['HTML:hint'] = rg_template('user/settings/wh/http/hints.html',
$rg, TRUE /*xss*/);
}
/*
* Loads default paras for a form
*/
function rg_wh_http_default_paras(&$rg)
{
$a = &$rg['wh']['idata'];
$a['url'] = '';
$a['itype'] = 0;
$a['client_cert'] = '';
$a['client_ca_cert'] = '';
$a['opaque'] = '';
$a['key'] = '';
$a['custom_body'] = '';
if (strcmp($rg['wh']['hsubtype'], 'slack') == 0) {
$rg['wh']['description'] = 'Slack integration';
$a['itype'] = 2;
$a['events'] = 'P';
$a['custom_body'] = '{' . "\n"
. '"channel": "#rocketgit-##branch##",' . "\n"
. '"username": "RocketGit robot (hook ##hook_id##)",' . "\n"
. '"text": "Repo ##repo##, branch ##branch## pushed: <##commit_url##>",' . "\n"
. '"icon_emoji": ":ghost:"' . "\n"
. '}';
}
}
$rg_wh_plugins['http'] = array(
'htype' => 'http',
'description' => 'HTTP[S] - Calls any URL you want',
'cosmetic' => 'rg_wh_http_cosmetic',
'fill_vars' => 'rg_wh_http_fill_vars',
'validate_vars' => 'rg_wh_http_validate_vars',
'add_form' => 'rg_wh_http_add_form',
'default_paras' => 'rg_wh_http_default_paras',
'fill_hints' => 'rg_wh_http_fill_hints',
'have_events' => TRUE,
'subtypes' => array(
'slack' => 'Slack'
),
'flags' => array(
'I' => 'Do not verify the server certificate',
'H' => 'Do not verify the server hostname'
)
);
?>
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 102 | eaeb7d777062c60a55cdd4b5734902cdf6e1790c | .gitignore |
| 100644 | blob | 289 | fabbff669e768c05d6cfab4d9aeb651bf623e174 | AUTHORS |
| 100644 | blob | 1132 | dd65951315f3de6d52d52a82fca59889d1d95187 | Certs.txt |
| 100644 | blob | 549 | 41c3bdbba8ec2523fe24b84bdd46777fc13e8345 | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 2792 | 49fb9ac116dad2789e2b30046be0c9040ec2e880 | Makefile.in |
| 100644 | blob | 4875 | 351369ca6f3895965cd98b847161c696d2052146 | README |
| 100644 | blob | 110503 | 48e2f69a9b9e2a31c1b725822495c917f741489c | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 600 | 5525d768c22262f90a504a11db4fabc25ddbab8f | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 3907 | 6ae9158d019f8075b0e0cb5b5b18a783b3a10fbf | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 8ffdcb3d5e12de55f23f507ed41bfda98d7e9595 | debian |
| 040000 | tree | - | c762634e95d46059f3d8e964a7f76c9f0f73139f | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 16711 | 924262b2f8dbf3bbe02358e7f404175732e970d1 | duilder |
| 100644 | blob | 536 | 4af4a0b5ba5e8c7c33ad12d7a552517bc0acf098 | duilder.conf |
| 040000 | tree | - | b0cc8cc0386eddf4373339a7860e46e8f74e0202 | hooks |
| 040000 | tree | - | 0700636b897dc72c30e764ad09f1a6b302963779 | inc |
| 040000 | tree | - | 893c467cc64247dbe6360f5688c896e5b928c257 | misc |
| 100644 | blob | 3924 | d71949b4bc4b8290aff66bc140e349c763d1d2cc | rocketgit.spec.in |
| 040000 | tree | - | e56e45b6dfaeb3ae44f6fc11d5d3b2cd2e117e02 | root |
| 040000 | tree | - | 27c2b5605627048c31d9bffe40a779ffb5a23561 | samples |
| 040000 | tree | - | e7d8b1acea02964ab7203488eba7f45c51955f3f | scripts |
| 040000 | tree | - | b2126466c4b21ed1182f727f36de39ec6fc05d02 | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 | techdocs |
| 040000 | tree | - | 4cee612f5f854d74a13c4f95f1045d94fc046e13 | tests |
| 040000 | tree | - | 63f68e921ac8d6a62ea9c3d180e072c7c4725b7d | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!