mira/blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: stuff

Browse Source
This commit is contained in:
Mira
2025-02-06 01:42:24 +06:00
parent 5f99ba28c4
commit 6b150fe4c4
4 changed files with 61 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM node:alpine-22
RUN apk add --no-cache git
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit-dev
COPY . .
RUN npm run build
EXPOSE 3000
CMD ["node", "--watch", "server.js"]

1
package.json
View File

@@ -18,6 +18,7 @@
"remark-prism": "^1.3.6" "remark-prism": "^1.3.6"
}, },
"devDependencies": { "devDependencies": {
"@types/node": "^22.13.1",
"@types/remark-prism": "^1.3.7" "@types/remark-prism": "^1.3.7"
} }
} }

67
server.js
View File

@@ -1,20 +1,11 @@
import Fastify from "fastify"; import Fastify from "fastify";
import fastifyStatic from "@fastify/static"; import fastifyStatic from "@fastify/static";
import { exec } from "child_process"; import { exec } from "node:child_process";
import { promisify } from "util"; import { promisify } from "node:util";
import path from "path"; import path from "node:path";
import crypto from "crypto"; import crypto from "node:crypto";
const verifySignature = (payload, signature, secret) => { const { WEBHOOK_SECRET } = process.env;
const computedSignature = crypto
.createHmac("sha256", secret)
.update(JSON.stringify(payload))
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(computedSignature)
);
};
const execAsync = promisify(exec); const execAsync = promisify(exec);
const fastify = Fastify({ logger: true }); const fastify = Fastify({ logger: true });
@@ -24,27 +15,45 @@ fastify.register(fastifyStatic, {
prefix: "/", prefix: "/",
}); });
fastify.post("/webhook", async (request, reply) => { const verifySignature = (payload, signature) => {
const signature = request.headers["strapi-signature"]; const hmac = crypto.createHmac("sha256", WEBHOOK_SECRET);
const digest = "sha256=" + hmac.update(payload).digest("hex");
return crypto.timingSafeEqual(Buffer.from(digest), Buffer.from(signature));
};
if (process.env.WEBHOOK_SECRET) { const updateRepo = async (repoUrl) => {
const isValid = verifySignature( try {
request.body, const { code } = await execAsync("git rev-parse --git-dir")
signature, .then(() => ({ code: 0 }))
process.env.WEBHOOK_SECRET .catch((error) => ({ code: error.code }));
);
if (!isValid) { if (code !== 0) {
return reply.code(401).send({ error: "Invalid signature" }); await execAsync("git init");
await execAsync(`git remote add origin ${repoUrl}`);
} }
await execAsync("git fetch origin");
await execAsync("git reset --hard origin/main");
await execAsync("npm run build");
} catch (error) {
console.error("Failed to update repository:", error);
throw error;
}
};
fastify.post("/webhook/rebuild", async (request, reply) => {
const signature = request.headers["x-gitea-signature"];
if (!signature || !verifySignature(JSON.stringify(request.body), signature)) {
return reply.status(401).send("Invalid signature");
} }
try { try {
const { stdout } = await execAsync("npm run build"); const repoUrl = request.body.repository.clone_url;
fastify.log.info(`Build output: ${stdout}`); await updateRepo(repoUrl);
return { status: "success", message: "Build completed" }; reply.status(200).send("Updated successfully");
} catch (error) { } catch (error) {
fastify.log.error(error); reply.status(500).send("Update failed");
return reply.code(500).send({ error: "Build failed" });
} }
}); });

12
yarn.lock
View File

@@ -660,6 +660,13 @@
dependencies: dependencies:
"@types/unist" "*" "@types/unist" "*"
"@types/node@^22.13.1":
version "22.13.1"
resolved "https://registry.yarnpkg.com/@types/node/-/node-22.13.1.tgz#a2a3fefbdeb7ba6b89f40371842162fac0934f33"
integrity sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==
dependencies:
undici-types "~6.20.0"
"@types/remark-prism@^1.3.7": "@types/remark-prism@^1.3.7":
version "1.3.7" version "1.3.7"
resolved "https://registry.yarnpkg.com/@types/remark-prism/-/remark-prism-1.3.7.tgz#997486629798f9daa6cf2bfea4943d7d9763d116" resolved "https://registry.yarnpkg.com/@types/remark-prism/-/remark-prism-1.3.7.tgz#997486629798f9daa6cf2bfea4943d7d9763d116"
@@ -3591,6 +3598,11 @@ uncrypto@^0.1.3:
resolved "https://registry.yarnpkg.com/uncrypto/-/uncrypto-0.1.3.tgz#e1288d609226f2d02d8d69ee861fa20d8348ef2b" resolved "https://registry.yarnpkg.com/uncrypto/-/uncrypto-0.1.3.tgz#e1288d609226f2d02d8d69ee861fa20d8348ef2b"
integrity sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q== integrity sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q==
undici-types@~6.20.0:
version "6.20.0"
resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.20.0.tgz#8171bf22c1f588d1554d55bf204bc624af388433"
integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==
unenv@^1.10.0: unenv@^1.10.0:
version "1.10.0" version "1.10.0"
resolved "https://registry.yarnpkg.com/unenv/-/unenv-1.10.0.tgz#c3394a6c6e4cfe68d699f87af456fe3f0db39571" resolved "https://registry.yarnpkg.com/unenv/-/unenv-1.10.0.tgz#c3394a6c6e4cfe68d699f87af456fe3f0db39571"