Php deploy file for Bitbucket webhooks and repository
<?php | |
// Php deploy file for Bitbucket webhook and repository | |
// | |
// Requires: shell_exec must be enabled in php.ini (not listed in disable_functions) | |
// | |
// How to run, my way: | |
// 1. one protected folder (htaccess) | |
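// 2. hit the url with webhook : http://myuser:[email protected]/scripts/deploy.php?type= [deploy|pull] | |
//    Note: over http:// the basic-auth credentials in this URL travel unencrypted; use https:// for the webhook URL. | |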
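/**
 * Check that the current request carries every expected header with exactly
 * the expected value.
 *
 * Header names are compared case-insensitively, because HTTP header names are
 * case-insensitive and getallheaders() returns them as the client or SAPI
 * spelled them. A header that is absent counts as a mismatch.
 *
 * These values are chosen by whoever sends the request, so a match only
 * filters out stray traffic; it does not prove where the request came from.
 *
 * @param array $allowedHeaders Map of header name => required value.
 * @return bool True when every listed header is present with the required value.
 */
function isHeadersValid($allowedHeaders)
{
    $received = getallheaders();
    if (!is_array($received)) {
        // No usable header list: fail closed.
        return false;
    }
    $received = array_change_key_case($received, CASE_LOWER);

    foreach ($allowedHeaders as $name => $expected) {
        $lookup = strtolower((string) $name);
        // array_key_exists avoids an undefined-index warning for a missing header.
        if (!array_key_exists($lookup, $received) || $received[$lookup] !== $expected) {
            return false;
        }
    }

    return true;
}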
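/**
 * Tell whether an IPv4 address falls inside an IPv4 range.
 *
 * The range is given as "address/prefix" (CIDR, e.g. 127.0.0.1/24) or as a
 * bare address, which is treated as a /32. Anything that does not parse as
 * IPv4 (an IPv6 address, a comma-separated list, the string 'UNKNOWN', a
 * prefix outside 0-32) yields false instead of being coerced to 0, which
 * would otherwise compare equal to ranges that start at 0.0.0.0.
 *
 * @param string $ip    Address to test.
 * @param string $range Range in address/prefix form, or a single address.
 * @return bool True when $ip lies inside $range.
 */
function ipInRange($ip, $range)
{
    // Strict comparison: strpos() returns 0 for a leading '/', which is not "absent".
    if (strpos($range, '/') === false) {
        $range .= '/32';
    }
    list($network, $prefix) = explode('/', $range, 2);

    $networkLong = ip2long($network);
    $ipLong = is_string($ip) ? ip2long($ip) : false;
    if ($networkLong === false || $ipLong === false) {
        return false;
    }

    if (!preg_match('/\A\d{1,2}\z/', $prefix) || (int) $prefix > 32) {
        return false;
    }
    $bits = (int) $prefix;

    // A /0 prefix matches everything; otherwise keep the top $bits bits of 32.
    $mask = $bits === 0 ? 0 : (~((1 << (32 - $bits)) - 1)) & 0xFFFFFFFF;

    return ($ipLong & $mask) === ($networkLong & $mask);
}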
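/**
 * Return the address of the peer that opened the connection.
 *
 * Only REMOTE_ADDR is used. The Client-IP / X-Forwarded-For / Forwarded
 * request headers are written by the sender, so an address taken from them
 * cannot back an IP allowlist. When this script runs behind a reverse proxy,
 * have the web server map the proxy's forwarded address onto REMOTE_ADDR for
 * trusted proxies only (e.g. Apache mod_remoteip or the nginx realip module)
 * rather than reading the headers here.
 *
 * @return string The peer address, or 'UNKNOWN' when the server did not provide one.
 */
function getClientIpServer()
{
    if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] !== '') {
        return $_SERVER['REMOTE_ADDR'];
    }

    return 'UNKNOWN';
}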
/**
 * Tell whether an address matches at least one of the given ranges.
 *
 * Each entry of $ipRanges is handed to ipInRange() together with $ip;
 * the scan stops at the first range that matches.
 *
 * @param string $ip       Address to test.
 * @param array  $ipRanges Ranges in the form accepted by ipInRange().
 * @return bool True when any range contains $ip, false when none does.
 */
function isIpValid($ip, $ipRanges) {
    $matched = false;

    foreach ($ipRanges as $cidr) {
        if (ipInRange($ip, $cidr)) {
            $matched = true;
            break;
        }
    }

    return $matched;
}
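###############################################################################
// Headers a Bitbucket push webhook is expected to send. The sender chooses
// these values, so this check filters stray traffic but does not authenticate.
$allowedHeaders = [
    'X-Event-Key' => 'repo:push',
    'User-Agent' => 'Bitbucket-Webhooks/2.0',
    //'X-Hook-UUID' => '4431be04-607b-45a4-8cc5-be08335ed22a',// get this data from body
    'Content-Type' => 'application/json',
];

// Bitbucket ips
// NOTE(review): these ranges are as recorded when the script was written;
// confirm them against the provider's currently published list.
$allowedIpRanges = [
    '131.103.20.160/27',
    '165.254.145.0/26',
    '104.192.143.0/24',
];

if (!isHeadersValid($allowedHeaders)) {
    error_log("Bad headers");
    header("HTTP/1.0 404 Not Found");
    echo "Not Found";
    exit(0);
}

$ip = getClientIpServer();
error_log("Calling from ". $ip);
if ($ip === "::1" || $ip === "127.0.0.1" || !isIpValid($ip, $allowedIpRanges)) {
    error_log("IP not in range");
    header("HTTP/1.0 403 Unauthorized");
    echo "Unauthorized";
    exit(0);
}

// Both values come from the request. The Host header ends up in a shell
// command and a filesystem path, so it is restricted to hostname characters
// (no slash, space, quote or shell metacharacter) before use. A fixed list of
// deployable hosts would be stricter still.
$type = (isset($_GET['type']) && is_string($_GET['type'])) ? $_GET['type'] : '';
$host = (isset($_SERVER['HTTP_HOST']) && is_string($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : '';
$hostIsSafe = preg_match('/\A[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/i', $host) === 1;

if (($type !== 'deploy' && $type !== 'pull') || !$hostIsSafe) {
    error_log("Bad request");
    header("HTTP/1.0 400 Bad Request");
    echo "Bad Request";
    exit(0);
}

// escapeshellarg() is kept as a second layer on top of the hostname pattern.
if ($type === 'deploy') {
    $output = shell_exec(escapeshellarg('/home/www/' . $host . '_deploy/deploy.sh'));
} else {
    $output = shell_exec('cd ' . escapeshellarg('/home/www/' . $host) . ' && git pull');
}

error_log("Done.");
header("HTTP/1.0 200 OK");
echo "== Webhook ==";
// Command output is not HTML; escape it so it cannot inject markup into the response.
echo "<pre>" . htmlspecialchars((string) $output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>";
exit(0);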