-
Notifications
You must be signed in to change notification settings - Fork 12
Expand file tree
/
Copy pathindex.php
More file actions
139 lines (117 loc) · 4.5 KB
/
index.php
File metadata and controls
139 lines (117 loc) · 4.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
/**
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
declare(strict_types=1);
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/src/Response.php';
// Check if this is a request for the enterprise version endpoint
if (isset($_SERVER['REQUEST_URI']) && substr($_SERVER['REQUEST_URI'], -19) === '/enterprise-version') {
// Set Content-Type to JSON
header('Content-Type: application/json');
// Enforce browser based XSS filters
header('X-XSS-Protection: 1; mode=block');
// Disable sniffing the content type for IE
header('X-Content-Type-Options: nosniff');
// Disallow iFraming from other domains
header('X-Frame-Options: Sameorigin');
// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
header('X-Robots-Tag: none');
// Extract enterpriseVersion from the config file by parsing it
$configContent = file_get_contents(__DIR__ . '/config/config.php');
if ($configContent === false) {
http_response_code(500);
echo json_encode(['error' => 'Failed to read configuration file'], JSON_THROW_ON_ERROR);
exit();
}
preg_match('/\$enterpriseVersion\s*=\s*[\'"]([^\'"\r\n]+)[\'"]/', $configContent, $matches);
$enterpriseVersion = isset($matches[1]) ? $matches[1] : null;
echo json_encode(['enterpriseVersion' => $enterpriseVersion], JSON_THROW_ON_ERROR);
exit();
}
// Set Content-Type to XML
header('Content-Type: application/xml');
// Enforce browser based XSS filters
header('X-XSS-Protection: 1; mode=block');
// Disable sniffing the content type for IE
header('X-Content-Type-Options: nosniff');
// Disallow iFraming from other domains
header('X-Frame-Options: Sameorigin');
// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
header('X-Robots-Tag: none');
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
isset($_SERVER['PATH_INFO']) &&
substr($_SERVER['PATH_INFO'], -5) === '/hook' &&
isset($_SERVER['HTTP_X_HUB_SIGNATURE']) &&
isset($_SERVER['HTTP_X_GITHUB_EVENT']) &&
$_SERVER['HTTP_X_GITHUB_EVENT'] === 'push') {
if (!file_exists(__DIR__ . '/config/secrets.php')) {
exit();
}
try {
$config = new \ClientUpdateServer\Config(__DIR__ . '/config/secrets.php');
} catch (\RuntimeException $e) {
exit();
}
$webhookSecret = $config->get('githubWebhookSecret');
$branch = $config->get('githubWebhookBranch');
if (!is_string($webhookSecret) || !is_string($branch)) {
exit();
}
$body = file_get_contents('php://input');
$expectedSecretHeader = $_SERVER['HTTP_X_HUB_SIGNATURE'];
$actualSecret = 'sha1=' . hash_hmac('sha1', $body, $webhookSecret);
if ($actualSecret !== $expectedSecretHeader) {
exit();
}
$data = json_decode($body, true);
if (!is_array($data)) {
exit();
}
if (isset($data['ref']) && $data['ref'] === 'refs/heads/' . $branch) {
$escapedDir = escapeshellarg(__DIR__);
exec("cd $escapedDir && git pull && composer update --no-dev");
echo "Deployed";
}
exit();
}
$allowedChannels = ['stable', 'daily', 'beta', 'enterprise'];
// Read parameters
$oem = isset($_GET['oem']) ? (string)$_GET['oem'] : null;
$platform = isset($_GET['platform']) ? (string)$_GET['platform'] : null;
$buildArch = isset($_GET['buildArch']) ? (string)$_GET['buildArch'] : "x86_64";
$currentArch = isset($_GET['currentArch']) ? (string)$_GET['currentArch'] : "x86_64";
$version = isset($_GET['version']) ? (string)$_GET['version'] : null;
$isSparkle = isset($_GET['sparkle']) ? true : false;
$isFileProvider = isset($_GET['fileprovider']) ? true : false;
// due to a bug in an old version, the channels were translated. we need to catch them again
$channel = isset($_GET['channel']) && in_array((string)$_GET['channel'], $allowedChannels, true)
? (string)$_GET['channel']
: 'stable';
$osRelease = isset($_GET['osRelease']) ? (string)$_GET['osRelease'] : '';
$osVersion = isset($_GET['osVersion']) ? (string)$_GET['osVersion'] : '';
$kernelVersion = isset($_GET['kernelVersion']) ? (string)$_GET['kernelVersion'] : '';
if($oem === null || $platform === null || $version === null) {
die();
}
// for macOS we currently can not deliver daily do to dependencies of the sparkle updater
// we will default macOS daily => stable
if ($platform === 'macos' && $channel === 'daily') {
$channel = 'stable';
}
$config = require_once __DIR__ . '/config/config.php';
// Deliver update
$response = new \ClientUpdateServer\Response(
$oem,
$platform,
$version,
$osRelease,
$osVersion,
$kernelVersion,
$channel,
$isSparkle,
$isFileProvider,
$config
);
echo $response->buildResponse();