binford2k · December 27, 2015 19:39
diff --git a/webhook.rb b/webhook.rb
 #! /usr/bin/env ruby

 require 'rubygems'
 require 'sinatra/base'
 require 'webrick'
 #require 'webrick/https'
 #require 'openssl'
 require 'resolv'
 require 'json'

 GITSERVER = '<%= @gitserver %>'
 DEPLOYCMD = 'r10k deploy environment -p -v >> /var/log/r10k 2>&1'
 LOGFILE   = '/var/log/webhooks'
 # USER      = 'admin'
 # PASS      = 'admin'

 ENV['HOME'] = '/root'
 ENV['PATH'] = '/sbin:/usr/sbin:/bin:/usr/bin:/opt/puppet/bin'

 opts = {
        :Port               => 9090,
        :Logger             => WEBrick::Log::new(LOGFILE, WEBrick::Log::DEBUG),
        :ServerType         => WEBrick::Daemon,
        :SSLEnable          => false,
 #         :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
 #         :SSLCertificate     => OpenSSL::X509::Certificate.new(  File.open(File.join(CERT_PATH, 'server.crt')).read),
 #         :SSLPrivateKey      => OpenSSL::PKey::RSA.new(          File.open(File.join(CERT_PATH, 'server.key')).read),
 #         :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
 }

 class Server  < Sinatra::Base

    set :public, 'public'

    get '/' do
      raise Sinatra::NotFound
    end

    get '/deploy' do
      protected!
      deploy()
    end

    not_found do
      halt 404, 'You shall not pass! (page not found)'
    end
    
    helpers do
      def deploy()
        begin
          Process.detach(fork{ exec "#{DEPLOYCMD} &"})
          {:status => :success, :message => "Deploying environments."}.to_json
        rescue
          {:status => :fail, :message => "Deploy failed.", :trace => e.message}.to_json
        end
      end

      def protected!
        # only allow access from the git server.
        throw(:halt, [401, "Not authorized\n"]) unless request.host == GITSERVER
      end

 #       # You can implement a very simple basic auth following this example
 #       # Basic auth boilerplate
 #       def protected!
 #         unless authorized?
 #           response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
 #           throw(:halt, [401, "Not authorized\n"])
 #         end
 #       end
 #
 #       def authorized?
 #         @auth ||=  Rack::Auth::Basic::Request.new(request.env)
 #         @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == [USER, PASSWORD]
 #       end

    end
 end

 Rack::Handler::WEBrick.run(Server, opts) do |server|
        [:INT, :TERM].each { |sig| trap(sig) { server.stop } }
 end
	#! /usr/bin/env ruby

	require 'rubygems'
	require 'sinatra/base'
	require 'webrick'
	#require 'webrick/https'
	#require 'openssl'
	require 'resolv'
	require 'json'

	GITSERVER = '<%= @gitserver %>'
	DEPLOYCMD = 'r10k deploy environment -p -v >> /var/log/r10k 2>&1'
	LOGFILE = '/var/log/webhooks'
	# USER = 'admin'
	# PASS = 'admin'

	ENV['HOME'] = '/root'
	ENV['PATH'] = '/sbin:/usr/sbin:/bin:/usr/bin:/opt/puppet/bin'

	opts = {
	:Port => 9090,
	:Logger => WEBrick::Log::new(LOGFILE, WEBrick::Log::DEBUG),
	:ServerType => WEBrick::Daemon,
	:SSLEnable => false,
	# :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
	# :SSLCertificate => OpenSSL::X509::Certificate.new( File.open(File.join(CERT_PATH, 'server.crt')).read),
	# :SSLPrivateKey => OpenSSL::PKey::RSA.new( File.open(File.join(CERT_PATH, 'server.key')).read),
	# :SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ]
	}

	class Server < Sinatra::Base

	set :public, 'public'

	get '/' do
	raise Sinatra::NotFound
	end

	get '/deploy' do
	protected!
	deploy()
	end

	not_found do
	halt 404, 'You shall not pass! (page not found)'
	end

	helpers do
	def deploy()
	begin
	Process.detach(fork{ exec "#{DEPLOYCMD} &"})
	{:status => :success, :message => "Deploying environments."}.to_json
	rescue
	{:status => :fail, :message => "Deploy failed.", :trace => e.message}.to_json
	end
	end

	def protected!
	# only allow access from the git server.
	throw(:halt, [401, "Not authorized\n"]) unless request.host == GITSERVER
	end

	# # You can implement a very simple basic auth following this example
	# # Basic auth boilerplate
	# def protected!
	# unless authorized?
	# response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
	# throw(:halt, [401, "Not authorized\n"])
	# end
	# end
	#
	# def authorized?
	# @auth \|\|= Rack::Auth::Basic::Request.new(request.env)
	# @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == [USER, PASSWORD]
	# end

	end
	end

	Rack::Handler::WEBrick.run(Server, opts) do \|server\|
	[:INT, :TERM].each { \|sig\| trap(sig) { server.stop } }
	end