webhook

assets/webhook.php

@@ -0,0 +1,54 @@
+<?php
+# https://docs.gitea.com/usage/webhooks
+
+// check for POST request
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+    exit();
+}
+
+// get content type
+$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
+
+if ($content_type != 'application/json') {
+    error_log('FAILED - not application/json - '. $content_type);
+    exit();
+}
+
+// get payload
+$payload = trim(file_get_contents("php://input"));
+
+if (empty($payload)) {
+    error_log('FAILED - no payload');
+    exit();
+}
+
+// get header signature
+$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
+
+if (empty($header_signature)) {
+    error_log('FAILED - header signature missing');
+    exit();
+}
+
+// calculate payload signature
+$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
+
+// check payload signature against header signature
+if ($header_signature !== $payload_signature) {
+    error_log('FAILED - payload signature');
+    exit();
+}
+
+// convert json to array
+$decoded = json_decode($payload, true);
+
+// check for json decode errors
+if (json_last_error() !== JSON_ERROR_NONE) {
+    error_log('FAILED - json decode - '. json_last_error());
+    exit();
+}
+
+// success, do something
+shell_exec('sh ../webhook/webhook.sh')
+?>

assets/webhook.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+username=$(getent passwd 1000 | cut -d: -f1)
+touch /home/$username/webhook_ok

install.sh

@@ -2,6 +2,7 @@
 
 PURPLE='\033[35m'
 ORANGE='\033[33m'
+BLUE='\033[34m'
 BOLD='\033[1m'
 RESET='\033[0m'
 
@@ -208,9 +209,9 @@ get_ip
 cms_folder="cms_${domain_name}"
 
 echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
-echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
-echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
-echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
+echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
+echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
+echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
 echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
 read
 
@@ -256,6 +257,8 @@ if [[ "$answer" == "y" ]]; then
     echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
     echo \"SECRET='${secret}'\" >> ${env_file} &&\
     echo \"KEY='${key}'\" >> ${env_file} &&\
+    echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
+    echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
     cd ${cms_folder} &&\
     npm init -y &&\
     npx directus bootstrap --skipAdminInit" $username
@@ -298,8 +301,8 @@ if [[ "$answer" == "y" ]]; then
     if [[ "$answer" == "y" ]]; then
 
         echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
-        echo -e "${PURPLE}npx directus schema snapshot ./snapshot.yaml${RESET}"
-        echo -e "${PURPLE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
+        echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
+        echo -e "${BLUE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
         echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
         read
 
@@ -325,9 +328,9 @@ if [[ "$answer" == "y" ]]; then
     get_ip
 
     echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
-    echo -e "${PURPLE}git checkout -b prod${RESET}"
-    echo -e "${PURPLE}git add . && git commit -m "first commit to prod"${RESET}"
-    echo -e "${PURPLE}git push origin prod${RESET}"
+    echo -e "${BLUE}git checkout -b prod${RESET}"
+    echo -e "${BLUE}git add . && git commit -m "first commit to prod"${RESET}"
+    echo -e "${BLUE}git push origin prod${RESET}"
     echo -e "${PURPLE}${BOLD}What is the .git url of the repo${RESET}"
     read repo_url
 
@@ -364,12 +367,39 @@ if [[ "$answer" == "y" ]]; then
     echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
     read answer
     if [[ "$answer" == "y" ]]; then
-        echo "wawawawawa"
+        echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
+        echo -e "${PURPLE}${BOLD}https://${repo_url}/settings/hooks/gitea/new${RESET}"
+        echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
+        echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
+        echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
+        echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
+        read -s auth_header
+
+        apt install -y php php-fpm
+        rm /var/www/html/index.html
+        cp ./assets/webhook.php /var/www/html/
+        mkdir /var/www/webhook
+        cp .assets/webhook.sh /var/www/webhook
+        chown www-data:www-data /var/www/webhook/webhook.sh
+        chmod u+x /var/www/webhook/webhook.sh
+
+        sed -i '$ d' $caddyfile
+        echo "handle /webhook.php {" >> $caddyfile
+        echo "@unauthorized not header Authorization ${auth_header}" >> $caddyfile
+        echo "respond @unauthorized "Unauthorized access"" >> $caddyfile
+        echo "root * /var/www/html" >> $caddyfile
+        echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
+        echo "file_server" >> $caddyfile
+        echo "}" >> $caddyfile
+        echo "}" >> $caddyfile
+        caddy fmt $caddyfile -w
+        caddy reload -c $caddyfile
     fi
 fi
 
 
 # TODO
+#
 # REMOVE EXPECT AT THE END IF IT IS INSTALLED
 # CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV
 # ZABBIX
@@ -377,3 +407,6 @@ fi
 # DIRECTUS EMAIL
 # DIRECTUS REDIS
 # LOGING DE TOUT
+# IMPORT DIRECTUS FULL DB
+# CADDYFILE EN JSON
+# MÀJ