git.m6w6.name Git - m6w6/replicator/blob - public/mirror.php

   1 <?php
   2
   3 use http\Env\Request;
   4 use http\Env\Response;
   5 use http\Params;
   6
   7 $request = new Request;
   8 $response = new Response;
   9 $response->setResponseCode(500);
  10 ob_start($response);
  11
  12 $owners = explode(",", getenv("owners") ?: "m6w6");
  13 $mirror = getenv("mirror") ?: "/var/github";
  14 $secret = getenv("secret") ?: trim(file_get_contents("$mirror/.secret"));
  15
  16 $sig = $request->getHeader("X-Hub-Signature");
  17 $evt = $request->getHeader("X-Github-Event");
  18
  19 if (!$sig || !$evt) {
  20         $response->setResponseCode(400);
  21         $response->setContentType("message/http");
  22         $response->getBody()->append($request);
  23         return $response->send();
  24 }
  25
  26 foreach ((new Params($sig))->params as $algo => $mac) {
  27         if ($mac["value"] !== hash_hmac($algo, $request->getBody(), $secret)) {
  28                 $response->setResponseCode(403);
  29                 $response->getBody()->append("Invalid signature");
  30                 return $response->send();
  31         }
  32 }
  33
  34 switch ($evt) {
  35         default:
  36                 $response->setResponseCode(202);
  37                 $response->getBody()->append("Not a configured event");
  38                 break;
  39         case "ping";
  40                 $response->setResponseCode(204);
  41                 $response->setResponseStatus("PONG");
  42                 break;
  43         case "push":
  44                 if (!($json = json_decode($request->getBody()))) {
  45                         $response->setResponseCode(415);
  46                         $response->setContentType($request->getHeader("Content-Type"));
  47                         $response->getBody()->append($request->getBody());
  48                 } elseif (!in_array($json->repository->owner->name, $owners, true)) {
  49                         $response->setResponseCode(403);
  50                         $response->getBody()->append("Invalid owner");
  51                 } else {
  52                         $repo = $json->repository->full_name;
  53                         $path = $mirror . "/" . $repo;
  54                         if (is_dir($path) && chdir($path)) {
  55                                 passthru("git fetch -vp 2>&1", $rv);
  56                                 if ($rv == 0) {
  57                                         $response->setResponseCode(200);
  58                                 }
  59                         } elseif (mkdir($path, 0755, true) && chdir($path)) {
  60                                 $source = escapeshellarg($json->repository->clone_url);
  61                                 $description = escapeshellarg($json->repository->description);
  62                                 passthru("git clone --mirror $source . 2>&1", $rv);
  63                                 passthru("git config gitweb.description $description 2>&1");
  64                                 unlink("description");
  65                                 if ($rv == 0) {
  66                                         $response->setResponseCode(200);
  67                                 }
  68                         }
  69                 }
  70                 break;
  71 }
  72
  73 $response->send();