mirror of
https://github.com/standardebooks/web.git
synced 2025-07-07 15:20:32 -04:00
Update PHPStan and Safe PHP, and review codebase for further type correctness
This commit is contained in:
Alex Cabal
parent
e2e14a3551
commit
9d1b66d19e
35 changed files with 301 additions and 169 deletions
|
|
@ -6,11 +6,13 @@
|
|||
use function Safe\exec;
|
||||
use function Safe\file_get_contents;
|
||||
use function Safe\json_decode;
|
||||
use function Safe\get_cfg_var;
|
||||
use function Safe\glob;
|
||||
use function Safe\shell_exec;
|
||||
|
||||
$log = new Log(GITHUB_WEBHOOK_LOG_FILE_PATH);
|
||||
|
||||
try{
|
||||
$log = new Log(GITHUB_WEBHOOK_LOG_FILE_PATH);
|
||||
$lastPushHashFlag = '';
|
||||
|
||||
HttpInput::ValidateRequestMethod([Enums\HttpMethod::Post]);
|
||||
|
|
@ -20,7 +22,9 @@ try{
|
|||
$post = file_get_contents('php://input');
|
||||
|
||||
// Validate the GitHub secret.
|
||||
$splitHash = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE']);
|
||||
/** @var string $githubSignature */
|
||||
$githubSignature = $_SERVER['HTTP_X_HUB_SIGNATURE'] ?? '';
|
||||
$splitHash = explode('=', $githubSignature);
|
||||
$hashAlgorithm = $splitHash[0];
|
||||
$hash = $splitHash[1];
|
||||
|
||||
|
|
@ -80,7 +84,7 @@ try{
|
|||
|
||||
// Check the local repo's last commit. If it matches this push, then don't do anything; we're already up to date.
|
||||
|
||||
$lastCommitSha1 = trim(shell_exec('git -C ' . escapeshellarg($dir) . ' rev-parse HEAD 2>&1'));
|
||||
$lastCommitSha1 = trim(shell_exec('git -C ' . escapeshellarg($dir) . ' rev-parse HEAD 2>&1') ?? '');
|
||||
|
||||
if($lastCommitSha1 == ''){
|
||||
$log->Write('Error getting last local commit. Output: ' . $lastCommitSha1);
|
||||
|
|
@ -95,12 +99,11 @@ try{
|
|||
}
|
||||
|
||||
// Get the current HEAD hash and save for later.
|
||||
$output = [];
|
||||
exec('sudo --set-home --user=se-vcs-bot git -C ' . escapeshellarg($dir) . ' rev-parse HEAD', $output, $returnCode);
|
||||
if($returnCode != 0){
|
||||
$log->Write('Couldn\'t get last commit of local repo. Output: ' . implode("\n", $output));
|
||||
}
|
||||
else{
|
||||
elseif(sizeof($output ?? []) > 0){
|
||||
$lastPushHashFlag = ' --last-push-hash ' . escapeshellarg($output[0]);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,10 +3,12 @@ use function Safe\curl_exec;
|
|||
use function Safe\curl_init;
|
||||
use function Safe\curl_setopt;
|
||||
use function Safe\file_get_contents;
|
||||
use function Safe\get_cfg_var;
|
||||
use function Safe\json_decode;
|
||||
|
||||
$log = new Log(POSTMARK_WEBHOOK_LOG_FILE_PATH);
|
||||
|
||||
try{
|
||||
$log = new Log(POSTMARK_WEBHOOK_LOG_FILE_PATH);
|
||||
/** @var string $smtpUsername */
|
||||
$smtpUsername = get_cfg_var('se.secrets.postmark.username');
|
||||
|
||||
|
|
@ -17,7 +19,9 @@ try{
|
|||
$apiKey = get_cfg_var('se.secrets.postmark.api_key');
|
||||
|
||||
// Ensure this webhook actually came from Postmark.
|
||||
if($apiKey != ($_SERVER['HTTP_X_SE_KEY'] ?? '')){
|
||||
/** @var string $postmarkKey */
|
||||
$postmarkKey = $_SERVER['HTTP_X_SE_KEY'] ?? '';
|
||||
if($apiKey != $postmarkKey){
|
||||
throw new Exceptions\InvalidCredentialsException();
|
||||
}
|
||||
|
||||
|
|
@ -76,7 +80,8 @@ try{
|
|||
http_response_code(Enums\HttpCode::NoContent->value);
|
||||
}
|
||||
catch(Exceptions\InvalidCredentialsException){
|
||||
$log->Write('Invalid key: ' . ($_SERVER['HTTP_X_SE_KEY'] ?? ''));
|
||||
/** @var string $postmarkKey */
|
||||
$log->Write('Invalid key: ' . $postmarkKey);
|
||||
http_response_code(Enums\HttpCode::Forbidden->value);
|
||||
}
|
||||
catch(Exceptions\WebhookException $ex){
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
<?
|
||||
use function Safe\file_get_contents;
|
||||
use function Safe\get_cfg_var;
|
||||
use function Safe\preg_match;
|
||||
use function Safe\json_decode;
|
||||
|
||||
// This webhook receives POSTs when email from a Fractured Atlas donation is received at the SE Zoho email account. This script processes the email, and inserts the donation ID into the database for later processing by `~se/web/scripts/process-pending-payments`.
|
||||
try{
|
||||
$log = new Log(ZOHO_WEBHOOK_LOG_FILE_PATH);
|
||||
$log = new Log(ZOHO_WEBHOOK_LOG_FILE_PATH);
|
||||
|
||||
try{
|
||||
HttpInput::ValidateRequestMethod([Enums\HttpMethod::Post]);
|
||||
|
||||
$log->Write('Received Zoho webhook.');
|
||||
|
|
@ -17,7 +18,9 @@ try{
|
|||
/** @var string $zohoWebhookSecret */
|
||||
$zohoWebhookSecret = get_cfg_var('se.secrets.zoho.webhook_secret');
|
||||
|
||||
if(!hash_equals($_SERVER['HTTP_X_HOOK_SIGNATURE'], base64_encode(hash_hmac('sha256', $post, $zohoWebhookSecret, true)))){
|
||||
/** @var string $zohoHookSignature */
|
||||
$zohoHookSignature = $_SERVER['HTTP_X_HOOK_SIGNATURE'];
|
||||
if(!hash_equals($zohoHookSignature, base64_encode(hash_hmac('sha256', $post, $zohoWebhookSecret, true)))){
|
||||
throw new Exceptions\InvalidCredentialsException();
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue