Correction migration vers Forgejo #236
1 changed files with 42 additions and 14 deletions
|
|
@ -5,6 +5,8 @@ os.environ.pop("SSL_CERT_FILE", None)
|
||||||
|
|
||||||
from flask import Flask, request, abort
|
from flask import Flask, request, abort
|
||||||
from datetime import datetime, timezone
|
from datetime import datetime, timezone
|
||||||
|
import hashlib
|
||||||
|
import hmac
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
|
||||||
|
|
@ -20,6 +22,25 @@ PM2_BINARY = "/home/discord/.nvm/versions/node/v24.15.0/bin/pm2"
|
||||||
# Bot Local Proxy
|
# Bot Local Proxy
|
||||||
BOT_LOCAL_URL = "http://127.0.0.1:5001/bot_event"
|
BOT_LOCAL_URL = "http://127.0.0.1:5001/bot_event"
|
||||||
|
|
||||||
|
|
||||||
|
def relay_payload_to_bot(payload):
|
||||||
|
try:
|
||||||
|
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
|
||||||
|
except Exception as e:
|
||||||
|
print(f"[!] Erreur de relais vers le bot Discord : {e}")
|
||||||
|
|
||||||
|
|
||||||
|
def verify_signature(payload_brut, received_signature):
|
||||||
|
if not received_signature:
|
||||||
|
return False
|
||||||
|
expected_signature = "sha256=" + hmac.new(
|
||||||
|
WEBHOOK_SECRET.encode("utf-8"),
|
||||||
|
payload_brut,
|
||||||
|
hashlib.sha256
|
||||||
|
).hexdigest()
|
||||||
|
return hmac.compare_digest(expected_signature, received_signature)
|
||||||
|
|
||||||
|
|
||||||
def send_discord_log(status, message, color, author=None, commit_msg=None):
|
def send_discord_log(status, message, color, author=None, commit_msg=None):
|
||||||
embed = {
|
embed = {
|
||||||
"title": f"🚀 Kuby V2 : {status}",
|
"title": f"🚀 Kuby V2 : {status}",
|
||||||
|
|
@ -128,25 +149,32 @@ def deploy():
|
||||||
|
|
||||||
@app.route('/gitlab_webhook', methods=['POST'])
|
@app.route('/gitlab_webhook', methods=['POST'])
|
||||||
def gitlab_webhook():
|
def gitlab_webhook():
|
||||||
# Protection par Token uniquement (anti-crawler géré par le secret)
|
|
||||||
received_token = request.headers.get('X-Gitlab-Token')
|
received_token = request.headers.get('X-Gitlab-Token')
|
||||||
|
print(f"[DEBUG] Webhook GitLab reçu. Token reçu: '{received_token}'")
|
||||||
# Log de debug pour voir ce que GitLab envoie vs ce qu'on attend
|
|
||||||
print(f"[DEBUG] Webhook reçu. Token attendu: '{WEBHOOK_SECRET}', Token reçu: '{received_token}'")
|
|
||||||
|
|
||||||
if received_token != WEBHOOK_SECRET:
|
if received_token != WEBHOOK_SECRET:
|
||||||
abort(403) # Changé en 403 pour différencier une route non trouvée d'un accès refusé
|
abort(403)
|
||||||
|
|
||||||
# Transférer la payload au bot Discord localement sur le port 5001
|
|
||||||
payload = request.json
|
payload = request.json
|
||||||
try:
|
relay_payload_to_bot(payload)
|
||||||
# On tente de relayer au bot discord. Timeout légèrement augmenté pour plus de stabilité.
|
return {"status": "received"}, 200
|
||||||
# On ne passe plus de token interne pour simplifier comme demandé.
|
|
||||||
requests.post(BOT_LOCAL_URL, json=payload, timeout=5)
|
|
||||||
except Exception as e:
|
|
||||||
print(f"[!] Erreur de relais vers le bot Discord : {e}")
|
|
||||||
# On renvoie 200 à GitLab quand même car GitLab n'a pas à savoir l'état interne
|
|
||||||
|
|
||||||
|
|
||||||
|
@app.route('/forgejo_webhook', methods=['POST'])
|
||||||
|
def forgejo_webhook():
|
||||||
|
payload_brut = request.get_data()
|
||||||
|
received_signature = (
|
||||||
|
request.headers.get('X-Hub-Signature-256')
|
||||||
|
or request.headers.get('X-Gitea-Signature')
|
||||||
|
or request.headers.get('X-Gogs-Signature')
|
||||||
|
)
|
||||||
|
|
||||||
|
if received_signature and not verify_signature(payload_brut, received_signature):
|
||||||
|
print("[!] Signature Forgejo invalide", flush=True)
|
||||||
|
abort(403)
|
||||||
|
|
||||||
|
payload = request.json
|
||||||
|
relay_payload_to_bot(payload)
|
||||||
return {"status": "received"}, 200
|
return {"status": "received"}, 200
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue