<?php
declare(strict_types=1);
namespace App\Http\Controllers;
use App\Jobs\RunGitDeployment;
use App\Models\GitDeployment;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
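/**
 * Receives Git provider webhooks and queues a deployment for the bound GitDeployment.
 *
 * A request is accepted when either of these matches the deployment's secret_token:
 *  - an HMAC-SHA256 of the raw request body, sent in X-Jabali-Signature or
 *    X-Hub-Signature-256 (an optional "sha256=" prefix is stripped), or
 *  - the legacy token passed as the optional $token argument.
 */
class GitWebhookController extends Controller
{
    /**
     * Authenticate the webhook call and dispatch RunGitDeployment.
     *
     * @param Request       $request    Incoming webhook; the raw body is the signed message.
     * @param GitDeployment $deployment Deployment whose secret_token authenticates the call.
     * @param string|null   $token      Legacy shared-secret token, if supplied.
     *
     * @return JsonResponse 403 when authentication fails, 202 when auto-deploy is off,
     *                      200 once the job has been queued.
     */
    public function __invoke(Request $request, GitDeployment $deployment, ?string $token = null): JsonResponse
    {
        $secret = (string) ($deployment->secret_token ?? '');

        // Fail closed when no secret is configured. With an empty key the HMAC below
        // can be computed by anyone who can reach this endpoint, and a null key would
        // raise a TypeError under strict_types instead of producing a clean rejection.
        // The response is the same as for a bad credential, so the endpoint does not
        // reveal whether a deployment has a secret set.
        if ($secret === '') {
            return response()->json(['message' => 'Invalid token'], 403);
        }

        // Sign the raw body exactly as received; re-encoding parsed input would not
        // reproduce the bytes the sender signed.
        $payload = $request->getContent();

        // X-Jabali-Signature takes precedence when both headers are present.
        $providedSignature = (string) ($request->header('X-Jabali-Signature') ?? $request->header('X-Hub-Signature-256') ?? '');
        $providedSignature = preg_replace('/^sha256=/i', '', trim($providedSignature)) ?: '';
        $expectedSignature = hash_hmac('sha256', $payload, $secret);

        // hash_equals() keeps both comparisons constant-time, so response timing
        // does not leak how much of a guess matched.
        $hasValidSignature = $providedSignature !== '' && hash_equals($expectedSignature, $providedSignature);

        // NOTE(review): $token presumably arrives as a route segment (the route
        // definition is not visible here). A secret carried in the URL tends to be
        // recorded in access and proxy logs; prefer the signature header and plan
        // to retire this path.
        $hasValidLegacyToken = $token !== null && hash_equals($secret, $token);

        if (! $hasValidSignature && ! $hasValidLegacyToken) {
            return response()->json(['message' => 'Invalid token'], 403);
        }

        // NOTE(review): nothing here rejects a repeated delivery, so a captured signed
        // request stays valid for as long as the secret does. The effect is limited to
        // re-queuing a deployment; consider a delivery-id or timestamp check if the
        // provider sends one.
        if (! $deployment->auto_deploy) {
            return response()->json(['message' => 'Auto-deploy disabled'], 202);
        }

        RunGitDeployment::dispatch($deployment->id);

        return response()->json(['message' => 'Deployment queued']);
    }
}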