initial commit ... work in progress

a80b64b6 · Hahn Axel (hahn) · a80b64b6 · a80b64b6 · a80b64b6 · a80b64b6
Commit a80b64b6 authored 4 years ago by Hahn Axel (hahn)
--- a/.gitignore
+++ b/.gitignore
+/nbproject/
+/packages/
+/public_html/inc_config.php
+/shellscripts/getfile.sh.cfg
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+deploy_prod:
+  stage: deploy
+  script:
+    - export IMLCI_URL=$IMLCI_URL
+    - export IMLCI_PROJECT=$IMLCI_PROJECT
+    - export IMLCI_API_SECRET=$IMLCI_API_SECRET
+    - /usr/local/bin/api-imlciserver.sh -a build -b origin/$CI_COMMIT_BRANCH
+  only:
+    - master
--- a/hooks/templates/inc_config.php.erb
+++ b/hooks/templates/inc_config.php.erb
+<?php
+return array(
+    'apikey'=>'@replace["apikey"]',
+    'cutfromrequest'=>'^/packages',
+    'packagedir'=>dirname(__DIR__).'/packages',
+);
--- a/public_html/inc_config.php.dist
+++ b/public_html/inc_config.php.dist
+<?php
+return array(
+    'apikey'=>'our-package-server-secret',
+    'cutfromrequest'=>'^/packages',
+    'packagedir'=>dirname(__DIR__).'/packages',
+);
\ No newline at end of file
--- a/public_html/inc_functions.php
+++ b/public_html/inc_functions.php
+<?php
+/**
+ * Check authorization in the http request header and age of timestamp
+ * On a failed check the request will be terminated
+ * @global int $iMaxAge         max allowed age
+ * @param type $sMySecret
+ * @return boolean
+ */
+function _checkAuth($sMySecret){
+    global $iMaxAge;
+    $aReqHeaders=apache_request_headers();
+    _wd('request headers: <pre>'.print_r($aReqHeaders, 1).'</pre>');
+    if(!isset($aReqHeaders['Authorization'])){
+        _quit('Access denied. Missing authorization.', 403);
+    }         
+    if(!isset($aReqHeaders['Date'])){
+        _quit('Access denied. Missing field "Date:" in the request header.', 403);
+    }         
+    $sGotHash= preg_replace('/^.*\:/', '', $aReqHeaders['Authorization']);
+    $sGotDate= $aReqHeaders['Date'];
+    $sGotMethod=$_SERVER['REQUEST_METHOD'];
+    $sGotReq=$_SERVER['REQUEST_URI'];
+    $sMyData="${sGotMethod}\n${sGotReq}\n${sGotDate}\n";
+    $sMyHash= base64_encode(hash_hmac("sha1", $sMyData, $sMySecret));
+    _wd('Hash: '.$sGotHash.' -- from header');
+    _wd('Hash: '.$sMyHash.' -- rebuilt');
+    if($sGotHash!==$sMyHash){
+        _quit('Access denied. Invalid hash.', 403);
+    }
+    $iAge=date('U')-date('U', strtotime($sGotDate));
+    _wd('Date: '.$sGotDate.' - age: '.$iAge.' sec');
+    if($iAge>$iMaxAge){
+        _quit('Access denied. Hash is out of date: '.$iAge. ' sec is older '.$iMaxAge.' sec. Maybe client or server is out of sync.', 403);
+    }
+    if($iAge<-$iMaxAge){
+        _quit('Access denied. Hash is '.$iAge. ' sec in future but only '.$iMaxAge.' sec are allowed. Maybe client or server is out of sync.', 403);
+    }
+    return true;
+}
+/**
+ * end with OK output
+ * @param type $Data
+ */
+function _done($Data){
+    echo is_array($Data) 
+        ? json_encode($Data, JSON_PRETTY_PRINT)
+        : $Data
+        ;
+    die();
+}
+/**
+ * abort execution with error
+ * @param string   $s        message
+ * @param integer  $iStatus  http status code to send
+ */
+function _quit($s, $iStatus=400){
+    $aStatus=array(
+       400=>'HTTP/1.0 400 Bad Request', 
+       403=>'HTTP/1.0 403 Access denied', 
+       404=>'HTTP/1.0 404 Not found', 
+    );
+    header($aStatus[$iStatus]);
+    # _done(array('status'=>$iStatus, 'info'=>$aStatus[$iStatus], 'message'=>$s));
+    _sendHtml($aStatus[$iStatus], $s);
+    die();
+}
+/**
+ * send html page
+ * @param type $sTitle
+ * @param type $sContent
+ */
+function _sendHtml($sTitle, $sContent){
+    echo '<!doctype html>
+<html>
+    <head>
+        <title>'.$sTitle.'</title>
+        <link rel="stylesheet" type="text/css" href="/main.css" media="screen" />
+    </head>
+    <body>
+        <h1><span class="imllogo"></span> CI <span class="subdomain"> packages</span></h1>
+        <h2>'.$sTitle.'</h2>
+        <p>
+            '.$sContent.'
+        </p>
+        <footer>
+            <a href="https://www.iml.unibe.ch/">www.iml.unibe.ch</a>
+        </footer>
+    </body>
+</html>
+'
+;
+}
+/**
+ * write debug text (if enabled)
+ * @global boolean $bDebug
+ * @param string  $s       message
+ * @param string  $sLevel  level; one of info|
+ * @return boolean
+ */
+function _wd($s, $sLevel='info'){
+    global $bDebug;
+    if ($bDebug){
+        echo '<div class="debug debug-'.$sLevel.'">DEBUG: '.$s.'</div>';
+    }
+    return true;
+}
--- a/public_html/index.php
+++ b/public_html/index.php
+<?php
+require('inc_functions.php');
+_sendHtml('Ready?', 'Ich bin bereit, wenn du es bist.');
\ No newline at end of file
--- a/public_html/main.css
+++ b/public_html/main.css
+a{color:#345}
+body{background:#f8f8f8; background: linear-gradient(-10deg,#f8f8f8,#abc) fixed; font-size: 1.1em;  color:#456; font-family: verdana,arial; overflow: hidden; margin: 2em;}
+h1{margin:0.4em 0 2em 0.4em; color:#fff; text-shadow: 0 0 0.3em rgba(0,0,0,0.3);}
+h2{font-size: 400%; color:#789;}
+footer a{ position: absolute; bottom: 1em; right: 1em; padding: 1em; background: rgba(0,0,0,0.1); }
+footer a:hover{ background: rgba(0,0,0,0.05); }
+.imllogo:before {background: rgb(255,0,51);color: #fff;padding: 0.5em 0.3em;content: 'IML'; font-family: "arial"; text-shadow: none;}
+.subdomain{opacity: 0.2;}
\ No newline at end of file
--- a/public_html/packages/index.php
+++ b/public_html/packages/index.php
+<?php
+/* ======================================================================
+ * 
+ * A P I   F O R   C I   S E R V E R
+ * 
+ * GET  /packages/[phase]/[ID]/[filename]
+ * 
+ * ----------------------------------------------------------------------
+ * 2021-03-31  v0.0  <axel.hahn@iml.unibe.ch>  init
+ * ======================================================================
+ */
+    $bDebug=true;
+    ini_set('display_errors', 1);
+    ini_set('display_startup_errors', 1);
+    error_reporting(E_ALL);
+    require('../inc_functions.php');
+    $aConfig=require_once("../inc_config.php");
+    $iMaxAge=60;
+    // ----------------------------------------------------------------------
+    // MAIN
+    // ----------------------------------------------------------------------
+    _wd('Start: '.date('Y-m-d H:i:s').'<style>body{background:#eee; color:#456;}
+            .debug{background:#ddd; margin-bottom: 2px;}
+         </style>');
+    _wd('request uri is '.$_SERVER["REQUEST_URI"]); 
+    _wd('<pre>GET: '.print_r($_GET, 1).'</pre>');
+    _checkAuth($aConfig['apikey']);
+    // if I am here then authentication was successful.
+    // ---------- SPLIT URL
+    $sRelfile=preg_replace('#'.$aConfig['cutfromrequest'].'#', '', $_SERVER["REQUEST_URI"]);
+    _wd('$sRelfile: '.$sRelfile);  
+    $sMyFile=$aConfig['packagedir'].$sRelfile;
+    _wd('full path of file: '.$sMyFile);
+    if (!file_exists($sMyFile)){
+        _quit('File not found.', 404);
+    }
+    // let the webserver deliver a given file 
+    header('X-Sendfile: ' . $sMyFile);
+// ======================================================================
--- a/shellscripts/getfile.sh
+++ b/shellscripts/getfile.sh
+#!/usr/bin/env bash
+# ======================================================================
+#
+# API CLIENT :: GET A CI FILE FROM PACKAGE SERVER
+#
+# ----------------------------------------------------------------------
+# 2021-03-31  v0.0  <axel.hahn@iml.unibe.ch>  init
+# ======================================================================
+# ----------------------------------------------------------------------
+# CONFIG
+# ----------------------------------------------------------------------
+line="----------------------------------------------------------------------"
+. $0.cfg
+# ----------------------------------------------------------------------
+# FUNCTIONS
+# ----------------------------------------------------------------------
+function showhelp(){
+echo "
+SYNTAX:
+  -s SECRET   override secret in IMLCI_PKG_SECRET
+  -u URL      URL of iml ci server without trailing /; overrides env variable IMLCI_URL
+  -e PHASE    phase; overrides env variable IMLCI_PHASE
+  -p PROJECT  ci project id; overrides env variable IMLCI_PROJECT
+  -f PROJECT  filename; overrides env variable IMLCI_FILE
+ACTION:
+   ... without given project and secret
+     projects   show projects
+   ... with project and secret
+     buildinfo [branch]
+                show infos about what happens on build
+     build [branch]
+                execute build
+     phases     show status of phases
+EXAMPLES:
+  `basename $0` -u https://ci.example.com -s newsecret [FILE]
+"
+}
+function makeRequest(){
+  local apiMethod=$1
+  local apiRequest=$2
+  local secret=$3
+  local outfile=$( mktemp )
+  echo $line
+  echo $apiMethod ${apiHost}${apiRequest}
+  echo $line
+  if [ ! -z "$secret" ]; then
+    # --- date in http format
+    LANG=en_EN
+    # export TZ=GMT
+    apiTS=`date "+%a, %d %b %Y %H:%M:%S %Z"`
+# --- generate data to hash: method + uri + timestamp; delimited with line break
+data="${apiMethod}
+${apiRequest}
+${apiTS}
+"
+    # generate hash - split in 2 commands (piping "cut" sends additional line break)
+    myHash=`echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" "`
+    myHash=`echo -n "$myHash" | base64`
+    curl \
+      -H "Accept: application/json" -H "Content-Type: application/json" \
+      -H "Date: ${apiTS}" \
+      -H "Authorization: demo-bash-client:${myHash}" \
+      -X $apiMethod \
+      ${IMLCI_URL}${apiRequest} | tee -a $outfile
+  else
+    curl -i \
+      -H "Accept: application/json" -H "Content-Type: application/json" \
+      -X $apiMethod \
+      ${IMLCI_URL}${apiRequest} | tee -a $outfile
+  fi
+  grep "^HTTP\/" $outfile | head -1 | grep " 200 " >/dev/null
+  local rccurl=$?
+    echo $line
+    echo OUTPUT:
+    cat $outfile
+    echo $line
+  rm -f $outfile
+  if [ $rccurl -ne 0 ]; then
+    echo
+    echo "ERROR: API request failed. CURL request did not get respond status code 200."
+    exit 4
+  fi
+}
+# ----------------------------------------------------------------------
+# MAIN
+# ----------------------------------------------------------------------
+echo
+echo ===== CIPGK GETTER :: `date` =====
+echo
+if  [ $# -lt 1 ]; then
+  showhelp
+  exit 1
+fi
+while getopts "a:b:u:p:e:f:s:" option; do 
+case ${option} in
+  a)
+    apiAction=$OPTARG
+    ;;
+  b)
+    branch=$OPTARG
+    ;;
+  u)
+    export IMLCI_URL=$OPTARG
+    ;;
+  p)
+    export IMLCI_PROJECT=$OPTARG
+    ;;
+  e)
+    export IMLCI_PHASE=$OPTARG
+    ;;
+  f)
+    export IMLCI_FILE=$OPTARG
+    ;;
+  s)
+    export IMLCI_PKG_SECRET=$OPTARG
+    ;;
+  *)
+    echo ERROR: invalid option [${option}]
+    exit 2
+esac
+done
+echo Params: $*
+echo "IMLCI_URL = $IMLCI_URL"
+echo "IMLCI_PROJECT = $IMLCI_PROJECT"
+echo "IMLCI_PHASE = $IMLCI_PHASE"
+echo "IMLCI_FILE = $IMLCI_FILE"
+echo "IMLCI_PKG_SECRET = $IMLCI_PKG_SECRET"
+echo
+makeRequest GET "/packages/$IMLCI_PHASE/$IMLCI_PROJECT/$IMLCI_FILE" "$IMLCI_PKG_SECRET"
+rc=$?
+echo
+echo $line
+date
+echo rc=$rc
+exit $rc
--- a/shellscripts/getfile.sh.cfg.dist
+++ b/shellscripts/getfile.sh.cfg.dist
+# ----------------------------------------------------------------------
+# defaults 
+# ----------------------------------------------------------------------
+IMLCI_PKG_SECRET=our-package-server-secret
+IMLCI_URL=https://cipkg.example.com
+IMLCI_PHASE=preview
+IMLCI_PROJECT=myproject-id
+IMLCI_FILE=