From e96253d542530d5186bea3d56a37300bfd92c05c Mon Sep 17 00:00:00 2001
From: Jimmy <git@jimmy.nz>
Date: Sun, 1 Aug 2021 13:04:41 +1200
Subject: [PATCH] Switch to fastapi

---
 app/auth.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 app/main.py | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 app/auth.py
 create mode 100755 app/main.py

diff --git a/app/auth.py b/app/auth.py
new file mode 100644
index 0000000..dbf6b46
--- /dev/null
+++ b/app/auth.py
@@ -0,0 +1,50 @@
+import os
+import hmac
+from fastapi import Request
+from fastapi.exceptions import HTTPException
+from fastapi.param_functions import Header
+from dotenv import load_dotenv
+
+load_dotenv()
+
+async def check_ref(request: Request):
+    json = await request.json()  
+    if json["ref"] and json["ref"] == f"refs/heads/{os.environ.get('BRANCH')}":
+        return
+    raise HTTPException(status_code=403, detail="Invalid branch")
+
+async def auth_hook(request: Request):
+    try:
+        json = await request.json()
+        text = await request.body()
+    except:
+        raise HTTPException(status_code=204, detail="Missing or bad content")
+    header_signature = request.headers.get('X-Hub-Signature')
+
+    if not header_signature:
+        raise HTTPException(status_code=400, detail="Missing signature")
+
+    # separate the signature from the sha1 indication
+    sha_name, signature = header_signature.split('=')
+    if sha_name != 'sha1':
+        raise HTTPException(status_code=400, detail="Invalid signature")
+
+    secret_key = os.environ.get('WEBHOOK_SECRET')
+    if secret_key is None:
+        raise HTTPException(status_code=503, detail="Missing WEBHOOK_SECRET")
+
+    # create a new hmac with the secret key and the request data
+    mac = hmac.new(secret_key.encode(), msg=text, digestmod='sha1')
+
+    # verify the digest matches the signature
+    if not hmac.compare_digest(mac.hexdigest(), signature):
+        raise HTTPException(status_code=403, detail="Unauthorized")
+
+async def auth_web(request: Request):
+    token = request._query_params.get("token")
+    if token is None:
+        raise HTTPException(status_code=400, detail="Missing token")
+    print(token, os.environ.get("TOKEN"))
+    if token == os.environ.get("TOKEN"):
+        return
+    raise HTTPException(status_code=403, detail="Invalid token")
\ No newline at end of file
diff --git a/app/main.py b/app/main.py
new file mode 100755
index 0000000..99b4ce8
--- /dev/null
+++ b/app/main.py
@@ -0,0 +1,34 @@
+from os import environ
+import os
+from fastapi import FastAPI, Body, Request, Depends
+import json
+from fastapi.exceptions import HTTPException
+
+from fastapi.param_functions import Header
+from fastapi_responses import custom_openapi
+from app.auth import auth_hook, auth_web, check_ref
+from app.pack import Pack
+
+
+if not os.environ.get("DOCKER"):
+    from dotenv import load_dotenv
+    load_dotenv
+    
+app = FastAPI()
+
+app.openapi = custom_openapi(app)
+
+pack = Pack()
+pack.clone()
+
+@app.get("/", dependencies=[Depends(auth_web)])
+@app.post("/", dependencies=[Depends(auth_hook), Depends(check_ref)])
+async def hook(req: Request):
+    pack.pull()
+    pack.collate()
+    pack.compress()
+    pack.hash()
+    pack.upload()
+    return "Update"
+
+