fix: GH install (#56)

* fix: GH install * fix(ci): pages doesn't use it --------- Co-authored-by: Christopher Langton <[email protected]>
Vulnetix · Oct 28, 2024 · 0ad2b17 · 0ad2b17
1 parent d697740
commit 0ad2b17
Show file tree

Hide file tree

Showing 10 changed files with 364 additions and 1,228 deletions.
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.12
diff --git a/Makefile b/Makefile
@@ -45,6 +45,9 @@ sbom: clean ## generate CycloneDX from NPM for this project
 deployments: ## FOR DOCO ONLY
 	npx wrangler pages deployment list --project-name vulnetix
 
+deploy: ## FOR DOCO ONLY
+	npx wrangler pages deployment create ./dist --project-name vulnetix --branch demo --upload-source-maps=true
+
 run: ## FOR DOCO ONLY - Run these one at a time, do not call this target directly
 	lsof -i tcp:8788
 	npm run preview

diff --git a/del-cloudflare-deployments.py b/del-cloudflare-deployments.py
@@ -0,0 +1,74 @@
+import pathlib
+import tomllib
+import time
+from datetime import datetime, timedelta, timezone
+
+from httpx import Client, Response, HTTPError
+
+config = tomllib.loads(pathlib.Path('.dev.vars').read_text())
+ACCOUNT_ID = 'e302589106b4c4287aebe65763eb4f80'
+PROJECT_NAME = 'vulnetix'
+ENDPOINT = f'https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/pages/projects/{PROJECT_NAME}/deployments'
+CF_API_TOKEN = config['CLOUDFLARE_API_TOKEN']
+EXPIRATION_BEFORE = datetime.now(timezone.utc) - timedelta(days=7)
+HEADERS = {
+    'Content-Type': 'application/json',
+    'Authorization': f'Bearer {CF_API_TOKEN}',
+}
+print(HEADERS)
+
+def delete_deployments(client: Client):
+    page = 1
+    total_deleted = 0
+    i = 0
+    while True:
+        i += 1
+        r = client.get(ENDPOINT, headers=HEADERS, params={'page': page})
+        check_status(r)
+        deployments = r.json()
+
+        results = deployments['result']
+        print(f'{i}: page {page}, got {len(results)} deployments, total deleted {total_deleted}')
+        deleted = 0
+
+        for deployment in results:
+            created_on = datetime.fromisoformat(deployment['created_on'])
+            if created_on < EXPIRATION_BEFORE:
+                deployment_id = deployment['id']
+                start = time.time()
+                delete(client, deployment_id)
+                time_taken = time.time() - start
+                print(f'  deleted {deployment_id} (created {created_on:%Y-%m-%d}), took {time_taken:.2f}s')
+
+                # see if this is long enough to avoid rate limiting?
+                time.sleep(0.25)
+                deleted += 1
+
+        total_deleted += deleted
+        if deleted == 0:
+            # only increment the page number if we didn't delete anything
+            page += 1
+
+
+def delete(client: Client, deployment_id: str) -> int:
+    last_error = None
+    for retry in range(4):
+        try:
+            r = client.delete(f'{ENDPOINT}/{deployment_id}', headers=HEADERS, params={'force': 'true'})
+            check_status(r)
+        except HTTPError as e:
+            print(f'    retry {retry} after {e}')
+            last_error = e
+        else:
+            return retry
+
+    raise last_error
+
+
+def check_status(response: Response):
+    if not (200 <= response.status_code < 300):
+        raise HTTPError(f'HTTP status {response.status_code}: {response.text}')
+
+if __name__ == "__main__":
+    with Client(timeout=10) as c:
+        delete_deployments(c)
diff --git a/functions/v1/github/[installation_id]/install/[code].js b/functions/v1/github/[installation_id]/install/[code].js
@@ -35,6 +35,7 @@ export async function onRequestGet(context) {
             const headers = { 'Accept': 'application/json' }
             const resp = await fetch(url, { headers, method })
             oauthData = await resp.json()
+            console.log('oauthData', JSON.stringify(oauthData))
             if (oauthData?.error) {
                 return Response.json({ ok: false, error: { message: oauthData.error } })
             }

diff --git a/public/_headers b/public/_headers
@@ -0,0 +1,6 @@
+/*
+  X-Frame-Options: DENY
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: no-referrer
+  Permissions-Policy: document-domain=()
+  Content-Security-Policy: script-src 'self'; frame-ancestors 'none';
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,10 @@
+[project]
+name = "vulnetix"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "cloudflare>=3.1.0",
+    "httpx>=0.27.2",
+]