This repository has been archived by the owner on Jan 21, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
AutoUpdate.php
81 lines (71 loc) · 2.19 KB
/
AutoUpdate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
if (!file_exists('Config.php')) {
exit('Please configure this app first by copying the default config to Config.php');
}
include 'Config.php';
//Handle incoming github webhooks
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//Verify Github signature
$requestBody = verifyGithub();
//@todo check branch in payload
//
if (!empty($requestBody)) {
$cmds = [
'cd ' . PATH_REPOSITORY,
'git checkout ' . GIT_BRANCH,
'git reset --hard HEAD',
'git pull',
'rsync -rtu --delete ' . PATH_REPOSITORY . ' ' . PATH_PUBLIC
];
$x = shell_exec(implode(' 2>&1 && ', $cmds) . ' 2>&1 ');
if (!empty($x)) {
echo 'Error encountered: ' . $x;
}
} else {
echo 'No Payload data';
}
} else {
//Page is called in browser
if (!function_exists('exec')) {
echo "exec is not enabled<br />";
}
if (!function_exists('shell_exec')) {
echo "shell_exec is not enabled<br />";
}
if (!is_writable(PATH_REPOSITORY)) {
echo "Repository path is not writeable<br />";
}
if (!is_writable(PATH_REPOSITORY . '.git')) {
echo "Repository path does not contain a git repository<br />";
}
if (!is_writable(PATH_PUBLIC)) {
echo "Public path is not writeable<br />";
}
if (!`which rsync`) {
echo "rsync is not installed or not accessable from PHP<br />";
}
}
function getPayload() {
if (!isset($_POST['payload'])) {
return file_get_contents('php://input');
} else {
return json_encode($_POST['payload']);
}
}
function verifyGithub() {
$headers = getallheaders();
$hubSignature = $headers['X-Hub-Signature'];
// Split signature into algorithm and hash
list($algo, $hash) = explode('=', $hubSignature, 2);
// Get payload
$payload = getPayload();
// Calculate hash based on payload and the secret
$payloadHash = hash_hmac($algo, $payload, GITHUB_SECRET);
// Check if hashes are equivalent
if ($hash !== $payloadHash) {
// Kill the script or do something else here.
die('Bad secret');
}
// Your code here.
return json_decode($payload);
}