|
|
@ -1,19 +1,20 @@ |
|
|
|
const express = require('express'); |
|
|
|
const path = require('path'); |
|
|
|
const bodyParser = require('body-parser') |
|
|
|
const crypto = require('crypto') |
|
|
|
const { exec } = require('child_process') |
|
|
|
const bodyParser = require('body-parser'); |
|
|
|
const crypto = require('crypto'); |
|
|
|
const { exec } = require('child_process'); |
|
|
|
require('dotenv').config(); |
|
|
|
|
|
|
|
const app = express(); |
|
|
|
const PORT = process.env.PORT || 3000; |
|
|
|
const GITEA_SECRET = process.env.GITEA_SECRET; |
|
|
|
console.log('GITEA_SECRET:', process.env.GITEA_SECRET); |
|
|
|
|
|
|
|
// Serve static files from the 'public' directory
|
|
|
|
app.use(express.static(path.join(__dirname, 'public'))); |
|
|
|
|
|
|
|
// Middleware to parse JSON payloads
|
|
|
|
app.use(bodyParser.json()) |
|
|
|
app.use(bodyParser.json()); |
|
|
|
|
|
|
|
// Custom middleware to handle URLs without .html for specific routes
|
|
|
|
app.use((req, res, next) => { |
|
|
@ -59,39 +60,37 @@ app.get('/articles/:articleName', (req, res) => { |
|
|
|
|
|
|
|
// Webhook handler
|
|
|
|
app.post('/api', (req, res) => { |
|
|
|
console.log('hit!'); |
|
|
|
console.log('GITEA_SECRET:', process.env.GITEA_SECRET); |
|
|
|
const signature = req.headers['x-gitea-signature']; |
|
|
|
const payload = JSON.stringify(req.body); |
|
|
|
|
|
|
|
if (!signature || !payload) { |
|
|
|
return res.status(400).send('Invalid payload or missing signature'); |
|
|
|
} |
|
|
|
|
|
|
|
// Verify the secret
|
|
|
|
const hmac = crypto.createHmac('sha256', GITEA_SECRET); |
|
|
|
const digest = `sha256=${hmac.update(payload).digest('hex')}`; |
|
|
|
|
|
|
|
// Buffer lengths
|
|
|
|
const bufferSignature = Buffer.from(signature); |
|
|
|
const bufferDigest = Buffer.from(digest); |
|
|
|
|
|
|
|
console.log(bufferDigest, bufferSignature) |
|
|
|
|
|
|
|
if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))) { |
|
|
|
// Secret is valid, update the repository
|
|
|
|
exec('/home/gnome.sh', (err, stdout, stderr) => { |
|
|
|
if (err) { |
|
|
|
console.error(`Error updating repository: ${stderr}`); |
|
|
|
return res.status(500).send('Server error'); |
|
|
|
} |
|
|
|
|
|
|
|
console.log(`Repository updated: ${stdout}`); |
|
|
|
res.status(200).send('Repository updated successfully'); |
|
|
|
}); |
|
|
|
} else { |
|
|
|
res.status(401).send('Invalid secret'); |
|
|
|
} |
|
|
|
console.log('hit!'); |
|
|
|
console.log('GITEA_SECRET:', process.env.GITEA_SECRET); |
|
|
|
const signature = req.headers['x-gitea-signature']; |
|
|
|
const payload = JSON.stringify(req.body); |
|
|
|
|
|
|
|
if (!signature || !payload) { |
|
|
|
return res.status(400).send('Invalid payload or missing signature'); |
|
|
|
} |
|
|
|
|
|
|
|
// Verify the secret
|
|
|
|
const hmac = crypto.createHmac('sha256', GITEA_SECRET); |
|
|
|
const digest = `sha256=${hmac.update(payload).digest('hex')}`; |
|
|
|
|
|
|
|
// Ensure both buffers have the same length before comparing
|
|
|
|
const bufferSignature = Buffer.from(signature); |
|
|
|
const bufferDigest = Buffer.from(digest); |
|
|
|
|
|
|
|
if (bufferSignature.length === bufferDigest.length && crypto.timingSafeEqual(bufferSignature, bufferDigest)) { |
|
|
|
// Secret is valid, update the repository
|
|
|
|
exec('/home/gnome.sh', (err, stdout, stderr) => { |
|
|
|
if (err) { |
|
|
|
console.error(`Error updating repository: ${stderr}`); |
|
|
|
return res.status(500).send('Server error'); |
|
|
|
} |
|
|
|
|
|
|
|
console.log(`Repository updated: ${stdout}`); |
|
|
|
res.status(200).send('Repository updated successfully'); |
|
|
|
}); |
|
|
|
} else { |
|
|
|
res.status(401).send('Invalid secret'); |
|
|
|
} |
|
|
|
}); |
|
|
|
|
|
|
|
// Error handling
|
|
|
|