Correction migration vers Forgejo

This commit is contained in:
Mathis 2026-07-11 23:37:30 +02:00
parent e41c1702a3
commit 38c8798c67

View file

@ -5,6 +5,8 @@ os.environ.pop("SSL_CERT_FILE", None)
from flask import Flask, request, abort from flask import Flask, request, abort
from datetime import datetime, timezone from datetime import datetime, timezone
import hashlib
import hmac
app = Flask(__name__) app = Flask(__name__)
@ -20,6 +22,25 @@ PM2_BINARY = "/home/discord/.nvm/versions/node/v24.15.0/bin/pm2"
# Bot Local Proxy # Bot Local Proxy
BOT_LOCAL_URL = "http://127.0.0.1:5001/bot_event" BOT_LOCAL_URL = "http://127.0.0.1:5001/bot_event"
def relay_payload_to_bot(payload):
try:
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
except Exception as e:
print(f"[!] Erreur de relais vers le bot Discord : {e}")
def verify_signature(payload_brut, received_signature):
if not received_signature:
return False
expected_signature = "sha256=" + hmac.new(
WEBHOOK_SECRET.encode("utf-8"),
payload_brut,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(expected_signature, received_signature)
def send_discord_log(status, message, color, author=None, commit_msg=None): def send_discord_log(status, message, color, author=None, commit_msg=None):
embed = { embed = {
"title": f"🚀 Kuby V2 : {status}", "title": f"🚀 Kuby V2 : {status}",
@ -128,25 +149,32 @@ def deploy():
@app.route('/gitlab_webhook', methods=['POST']) @app.route('/gitlab_webhook', methods=['POST'])
def gitlab_webhook(): def gitlab_webhook():
# Protection par Token uniquement (anti-crawler géré par le secret)
received_token = request.headers.get('X-Gitlab-Token') received_token = request.headers.get('X-Gitlab-Token')
print(f"[DEBUG] Webhook GitLab reçu. Token reçu: '{received_token}'")
# Log de debug pour voir ce que GitLab envoie vs ce qu'on attend
print(f"[DEBUG] Webhook reçu. Token attendu: '{WEBHOOK_SECRET}', Token reçu: '{received_token}'")
if received_token != WEBHOOK_SECRET: if received_token != WEBHOOK_SECRET:
abort(403) # Changé en 403 pour différencier une route non trouvée d'un accès refusé abort(403)
# Transférer la payload au bot Discord localement sur le port 5001
payload = request.json payload = request.json
try: relay_payload_to_bot(payload)
# On tente de relayer au bot discord. Timeout légèrement augmenté pour plus de stabilité. return {"status": "received"}, 200
# On ne passe plus de token interne pour simplifier comme demandé.
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
except Exception as e:
print(f"[!] Erreur de relais vers le bot Discord : {e}")
# On renvoie 200 à GitLab quand même car GitLab n'a pas à savoir l'état interne
@app.route('/forgejo_webhook', methods=['POST'])
def forgejo_webhook():
payload_brut = request.get_data()
received_signature = (
request.headers.get('X-Hub-Signature-256')
or request.headers.get('X-Gitea-Signature')
or request.headers.get('X-Gogs-Signature')
)
if received_signature and not verify_signature(payload_brut, received_signature):
print("[!] Signature Forgejo invalide", flush=True)
abort(403)
payload = request.json
relay_payload_to_bot(payload)
return {"status": "received"}, 200 return {"status": "received"}, 200
if __name__ == '__main__': if __name__ == '__main__':