chore: stuff
This commit is contained in:
67
server.js
67
server.js
@@ -1,20 +1,11 @@
|
||||
import Fastify from "fastify";
|
||||
import fastifyStatic from "@fastify/static";
|
||||
import { exec } from "child_process";
|
||||
import { promisify } from "util";
|
||||
import path from "path";
|
||||
import crypto from "crypto";
|
||||
import { exec } from "node:child_process";
|
||||
import { promisify } from "node:util";
|
||||
import path from "node:path";
|
||||
import crypto from "node:crypto";
|
||||
|
||||
const verifySignature = (payload, signature, secret) => {
|
||||
const computedSignature = crypto
|
||||
.createHmac("sha256", secret)
|
||||
.update(JSON.stringify(payload))
|
||||
.digest("hex");
|
||||
return crypto.timingSafeEqual(
|
||||
Buffer.from(signature),
|
||||
Buffer.from(computedSignature)
|
||||
);
|
||||
};
|
||||
const { WEBHOOK_SECRET } = process.env;
|
||||
|
||||
const execAsync = promisify(exec);
|
||||
const fastify = Fastify({ logger: true });
|
||||
@@ -24,27 +15,45 @@ fastify.register(fastifyStatic, {
|
||||
prefix: "/",
|
||||
});
|
||||
|
||||
fastify.post("/webhook", async (request, reply) => {
|
||||
const signature = request.headers["strapi-signature"];
|
||||
const verifySignature = (payload, signature) => {
|
||||
const hmac = crypto.createHmac("sha256", WEBHOOK_SECRET);
|
||||
const digest = "sha256=" + hmac.update(payload).digest("hex");
|
||||
return crypto.timingSafeEqual(Buffer.from(digest), Buffer.from(signature));
|
||||
};
|
||||
|
||||
if (process.env.WEBHOOK_SECRET) {
|
||||
const isValid = verifySignature(
|
||||
request.body,
|
||||
signature,
|
||||
process.env.WEBHOOK_SECRET
|
||||
);
|
||||
if (!isValid) {
|
||||
return reply.code(401).send({ error: "Invalid signature" });
|
||||
const updateRepo = async (repoUrl) => {
|
||||
try {
|
||||
const { code } = await execAsync("git rev-parse --git-dir")
|
||||
.then(() => ({ code: 0 }))
|
||||
.catch((error) => ({ code: error.code }));
|
||||
|
||||
if (code !== 0) {
|
||||
await execAsync("git init");
|
||||
await execAsync(`git remote add origin ${repoUrl}`);
|
||||
}
|
||||
|
||||
await execAsync("git fetch origin");
|
||||
await execAsync("git reset --hard origin/main");
|
||||
await execAsync("npm run build");
|
||||
} catch (error) {
|
||||
console.error("Failed to update repository:", error);
|
||||
throw error;
|
||||
}
|
||||
};
|
||||
|
||||
fastify.post("/webhook/rebuild", async (request, reply) => {
|
||||
const signature = request.headers["x-gitea-signature"];
|
||||
|
||||
if (!signature || !verifySignature(JSON.stringify(request.body), signature)) {
|
||||
return reply.status(401).send("Invalid signature");
|
||||
}
|
||||
|
||||
try {
|
||||
const { stdout } = await execAsync("npm run build");
|
||||
fastify.log.info(`Build output: ${stdout}`);
|
||||
return { status: "success", message: "Build completed" };
|
||||
const repoUrl = request.body.repository.clone_url;
|
||||
await updateRepo(repoUrl);
|
||||
reply.status(200).send("Updated successfully");
|
||||
} catch (error) {
|
||||
fastify.log.error(error);
|
||||
return reply.code(500).send({ error: "Build failed" });
|
||||
reply.status(500).send("Update failed");
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user