git.m6w6.name Git - m6w6/replicator/blob - public/mirror.php

   1 <?php
   2
   3 use http\Env\Request;
   4 use http\Env\Response;
   5 use http\Params;
   6
   7 $request = new Request;
   8 $response = new Response;
   9 $response->setResponseCode(500);
  10 ob_start($response);
  11
  12 $owners = explode(",", getenv("owners") ?: "m6w6");
  13 $mirror = getenv("mirror") ?: "/var/github";
  14 $secret = getenv("secret") ?: trim(file_get_contents("$mirror/.secret"));
  15
  16 $sig = $request->getHeader("X-Hub-Signature");
  17 $evt = $request->getHeader("X-Github-Event");
  18
  19 if (!$sig || !$evt) {
  20         $response->setResponseCode(400);
  21         $response->setContentType("message/http");
  22         $response->getBody()->append($request);
  23         return $response->send();
  24 }
  25
  26 foreach ((new Params($sig))->params as $algo => $mac) {
  27         if ($mac["value"] !== hash_hmac($algo, $request->getBody(), $secret)) {
  28                 $response->setResponseCode(403);
  29                 $response->getBody()->append("Invalid signature");
  30                 return $response->send();
  31         }
  32 }
  33
  34 switch ($evt) {
  35         default:
  36                 $response->setResponseCode(202);
  37                 $response->getBody()->append("Not a configured event");
  38                 break;
  39         case "ping";
  40                 $response->setResponseCode(204);
  41                 $response->setResponseStatus("PONG");
  42                 break;
  43         case "push":
  44                 if (($json = json_decode($request->getBody()))) {
  45                         if (in_array($json->repository->owner->name, $owners, true)) {
  46                                 $repo = $json->repository->full_name;
  47                                 $path = $mirror . "/" . $repo;
  48                                 if (is_dir($path) && chdir($path)) {
  49                                         passthru("git fetch -p", $rv);
  50                                         if ($rv == 0) {
  51                                                 $response->setResponseCode(200);
  52                                         }
  53                                 } elseif (mkdir($path, 0755, true) && chdir($path)) {
  54                                         passthru("git clone --mirror " . escapeshellarg($repo) . " .", $rv);
  55                                         if ($rv == 0) {
  56                                                 $response->setResponseCode(200);
  57                                         }
  58                                 }
  59                         } else {
  60                                 $response->setResponseCode(403);
  61                                 $response->getBody()->append("Invalid owner");
  62                         }
  63                 } else {
  64                         $response->setResponseCode(415);
  65                         $response->setContentType($request->getHeader("Content-Type"));
  66                         $response->getBody()->append($request->getBody());
  67                 }
  68                 break;
  69 }
  70
  71 $response->send();