Correction migration vers Forgejo
This commit is contained in:
parent
e41c1702a3
commit
38c8798c67
1 changed files with 42 additions and 14 deletions
|
|
@ -5,6 +5,8 @@ os.environ.pop("SSL_CERT_FILE", None)
|
|||
|
||||
from flask import Flask, request, abort
|
||||
from datetime import datetime, timezone
|
||||
import hashlib
|
||||
import hmac
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
|
|
@ -20,6 +22,25 @@ PM2_BINARY = "/home/discord/.nvm/versions/node/v24.15.0/bin/pm2"
|
|||
# Bot Local Proxy
|
||||
BOT_LOCAL_URL = "http://127.0.0.1:5001/bot_event"
|
||||
|
||||
|
||||
def relay_payload_to_bot(payload):
|
||||
try:
|
||||
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
|
||||
except Exception as e:
|
||||
print(f"[!] Erreur de relais vers le bot Discord : {e}")
|
||||
|
||||
|
||||
def verify_signature(payload_brut, received_signature):
|
||||
if not received_signature:
|
||||
return False
|
||||
expected_signature = "sha256=" + hmac.new(
|
||||
WEBHOOK_SECRET.encode("utf-8"),
|
||||
payload_brut,
|
||||
hashlib.sha256
|
||||
).hexdigest()
|
||||
return hmac.compare_digest(expected_signature, received_signature)
|
||||
|
||||
|
||||
def send_discord_log(status, message, color, author=None, commit_msg=None):
|
||||
embed = {
|
||||
"title": f"🚀 Kuby V2 : {status}",
|
||||
|
|
@ -128,25 +149,32 @@ def deploy():
|
|||
|
||||
@app.route('/gitlab_webhook', methods=['POST'])
|
||||
def gitlab_webhook():
|
||||
# Protection par Token uniquement (anti-crawler géré par le secret)
|
||||
received_token = request.headers.get('X-Gitlab-Token')
|
||||
|
||||
# Log de debug pour voir ce que GitLab envoie vs ce qu'on attend
|
||||
print(f"[DEBUG] Webhook reçu. Token attendu: '{WEBHOOK_SECRET}', Token reçu: '{received_token}'")
|
||||
print(f"[DEBUG] Webhook GitLab reçu. Token reçu: '{received_token}'")
|
||||
|
||||
if received_token != WEBHOOK_SECRET:
|
||||
abort(403) # Changé en 403 pour différencier une route non trouvée d'un accès refusé
|
||||
abort(403)
|
||||
|
||||
# Transférer la payload au bot Discord localement sur le port 5001
|
||||
payload = request.json
|
||||
try:
|
||||
# On tente de relayer au bot discord. Timeout légèrement augmenté pour plus de stabilité.
|
||||
# On ne passe plus de token interne pour simplifier comme demandé.
|
||||
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
|
||||
except Exception as e:
|
||||
print(f"[!] Erreur de relais vers le bot Discord : {e}")
|
||||
# On renvoie 200 à GitLab quand même car GitLab n'a pas à savoir l'état interne
|
||||
relay_payload_to_bot(payload)
|
||||
return {"status": "received"}, 200
|
||||
|
||||
|
||||
@app.route('/forgejo_webhook', methods=['POST'])
|
||||
def forgejo_webhook():
|
||||
payload_brut = request.get_data()
|
||||
received_signature = (
|
||||
request.headers.get('X-Hub-Signature-256')
|
||||
or request.headers.get('X-Gitea-Signature')
|
||||
or request.headers.get('X-Gogs-Signature')
|
||||
)
|
||||
|
||||
if received_signature and not verify_signature(payload_brut, received_signature):
|
||||
print("[!] Signature Forgejo invalide", flush=True)
|
||||
abort(403)
|
||||
|
||||
payload = request.json
|
||||
relay_payload_to_bot(payload)
|
||||
return {"status": "received"}, 200
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue