#!/usr/bin/env bash
# =============================================================================
# apply-provision-webhook-after-pull.sh
# =============================================================================
# Ejecutar en el servidor WHM/cPanel como root, desde la raíz del repo cd-system
# después de git pull:
#
#   cd /home/resellerprueba2/public_html/git-files/resellerprueba2
#   sudo bash scripts/apply-provision-webhook-after-pull.sh
#
# Qué hace (idempotente):
#   - Copia bewpro-provision.php → public_html del usuario panel
#   - Copia setup_cd_project2.sh y process_provision_queue.sh → /root/scripts/
#   - Crea provision_queue, permisos, cron del procesador
#   - Asegura regla .htaccess para que bewpro-provision.php no pase al front Laravel
#   - Inyecta PROVISION_SECRET en el PHP si existe /root/scripts/.provision_secret
#
# Configuración: editá las variables en la sección CONFIG o exportalas antes.
# =============================================================================
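set -euo pipefail

# ── CONFIG (customize) ───────────────────────────────────────────────────────
# Both values can be exported before running; otherwise these defaults apply.
: "${CPANEL_USER:=resellerprueba2}"
: "${GIT_FILES_DIR:=resellerprueba2}"   # folder name under public_html/git-files/

# Succeeds only when $1 is a single, plain path component (letters, digits,
# '.', '_', '-', starting with a letter or digit).
_is_safe_path_component() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]
}

# CPANEL_USER is spliced into /home/... paths, chown targets and sed
# expressions that this script runs as root, so reject anything that could
# change directory ('/', '..') or break a sed expression ('|', '&').
if ! _is_safe_path_component "$CPANEL_USER"; then
  echo "ERROR: CPANEL_USER inválido: '${CPANEL_USER}' (permitido: letras, números, '.', '_' y '-'; sin '/' ni espacios)." >&2
  exit 1
fi

ROOT_SCRIPTS="/root/scripts"
QUEUE_REL="provision_queue"             # relative to /home/$CPANEL_USER/
CRON_LINE="* * * * * ${ROOT_SCRIPTS}/process_provision_queue.sh"
SECRET_FILE="${ROOT_SCRIPTS}/.provision_secret"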

# ── Repo root (the directory that holds .git) ────────────────────────────────
# An explicit REPO_ROOT_OVERRIDE wins; otherwise git is asked for the toplevel
# of the current directory. A failed lookup leaves REPO_ROOT empty.
REPO_ROOT="${REPO_ROOT_OVERRIDE:-}"
if [[ -z "$REPO_ROOT" ]]; then
  REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || true)"
fi

# Abort unless the result is a directory containing a .git directory.
[[ -n "$REPO_ROOT" && -d "$REPO_ROOT/.git" ]] || {
  echo "ERROR: Ejecutá este script desde dentro del clon git de cd-system (o definí REPO_ROOT_OVERRIDE=/ruta/al/repo)." >&2
  exit 1
}

# Source directory inside the repo and the destinations derived from the
# panel user's home.
DOCS_DIR="${REPO_ROOT}/docs/bewpro2.0"
WEB_ROOT="/home/${CPANEL_USER}/public_html"
QUEUE_DIR="/home/${CPANEL_USER}/${QUEUE_REL}"
HTACCESS="${WEB_ROOT}/.htaccess"
WEBHOOK_DST="${WEB_ROOT}/bewpro-provision.php"
WEBHOOK_STATUS_DST="${WEB_ROOT}/bewpro-provision-status.php"

# Every template this script installs must exist before anything is written;
# the first missing one aborts the run.
REQUIRED_TEMPLATES=(
  bewpro-provision.php
  bewpro-provision-status.php
  process_provision_queue.sh
  setup_cd_project2.sh
)
for template in "${REQUIRED_TEMPLATES[@]}"; do
  f="${DOCS_DIR}/${template}"
  [[ -f "$f" ]] && continue
  echo "ERROR: No existe $f (¿git pull completo?)." >&2
  exit 1
done

# The steps below write under /root and /home and edit root's crontab, so
# refuse to continue unless the effective uid is 0.
if (( $(id -u) != 0 )); then
  echo "ERROR: Corré como root (sudo)." >&2
  exit 1
fi

# Summary of what this run will act on (labels padded to a common column).
printf '==> %-9s %s\n' \
  "Repo:" "$REPO_ROOT" \
  "Usuario:" "$CPANEL_USER" \
  "Web root:" "$WEB_ROOT"

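# ── Scripts in /root/scripts ─────────────────────────────────────────────────
# NOTE(review): both files come straight from the git clone, and
# process_provision_queue.sh is what CRON_LINE runs from root's crontab. The
# usage header places that clone under the panel user's public_html, so anyone
# who can write to the clone (or push to its remote) presumably decides what
# root executes after the next run of this script. Confirm the clone is not
# writable by untrusted accounts, or review the diff before installing.
mkdir -p "$ROOT_SCRIPTS"

install -m 0755 "${DOCS_DIR}/setup_cd_project2.sh" "${ROOT_SCRIPTS}/setup_cd_project2.sh"
echo "    Instalado: ${ROOT_SCRIPTS}/setup_cd_project2.sh"

# process_provision_queue: point the hard-coded queue path at this user's queue.
# The rewritten copy is staged in a temp file; remove it on failure as well as
# on success so aborted runs do not leave copies behind.
TMP_PQ="$(mktemp)"
if ! sed \
    -e "s|/home/resellerprueba2/provision_queue|${QUEUE_DIR}|g" \
    "${DOCS_DIR}/process_provision_queue.sh" >"$TMP_PQ" ||
  ! install -m 0755 "$TMP_PQ" "${ROOT_SCRIPTS}/process_provision_queue.sh"; then
  rm -f -- "$TMP_PQ"
  echo "ERROR: No se pudo instalar ${ROOT_SCRIPTS}/process_provision_queue.sh" >&2
  exit 1
fi
rm -f -- "$TMP_PQ"
echo "    Instalado: ${ROOT_SCRIPTS}/process_provision_queue.sh (QUEUE_DIR=${QUEUE_DIR})"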

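# ── Job queue ────────────────────────────────────────────────────────────────
# The queue path is substituted into process_provision_queue.sh, which root's
# cron runs every minute, so whoever can create files here can presumably hand
# work to a root process. A 0777 directory would let every local account on
# the server do that without knowing the webhook secret. Default to owner+group
# only; if PHP on this host runs as a different user than CPANEL_USER, export
# QUEUE_DIR_MODE (or adjust the group) instead of opening the directory to all.
QUEUE_DIR_MODE="${QUEUE_DIR_MODE:-0770}"

# /home/$CPANEL_USER is owned by the panel user: refuse a pre-planted symlink so
# the chmod/chown below cannot be redirected to another path.
if [[ -L "$QUEUE_DIR" ]]; then
  echo "ERROR: $QUEUE_DIR es un symlink; eliminá el enlace y volvé a ejecutar." >&2
  exit 1
fi

mkdir -p "$QUEUE_DIR"
chmod "$QUEUE_DIR_MODE" "$QUEUE_DIR"
# Ownership now decides who can enqueue jobs, so a failed chown is reported
# instead of being silenced (it stays non-fatal, as before).
if ! chown "${CPANEL_USER}:${CPANEL_USER}" "$QUEUE_DIR"; then
  echo "    AVISO: no se pudo asignar ${CPANEL_USER}:${CPANEL_USER} a $QUEUE_DIR; el webhook podría no poder escribir en la cola." >&2
fi
echo "    Cola:      $QUEUE_DIR"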

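# ── Webhook PHP ─────────────────────────────────────────────────────────────
# Secret: a single line (recommended: openssl rand -hex 32).
# It is read first so each endpoint can be rendered completely in a root-only
# temp file and published to the web root in one step.
SECRET_VAL=""
if [[ -f "$SECRET_FILE" ]]; then
  SECRET_VAL="$(tr -d '\n\r' <"$SECRET_FILE")"
  # These characters would either end the PHP single-quoted literal (' and \)
  # or be interpreted by sed in the replacement (&, \ and the | delimiter),
  # silently producing a different secret or broken PHP.
  case "$SECRET_VAL" in
    *"'"* | *'\'* | *'&'* | *'|'*)
      echo "ERROR: $SECRET_FILE contiene caracteres no admitidos (comilla simple, barra invertida, & o |). Regeneralo con: openssl rand -hex 32" >&2
      exit 1
      ;;
  esac
fi

#######################################
# Render one PHP template and install it into the web root.
# Globals:   QUEUE_DIR, SECRET_VAL, CPANEL_USER (read)
# Arguments: $1 - template path in the repo, $2 - destination path
# Returns:   0 on success, 1 if rendering or installing fails
#######################################
_install_webhook_php() {
  local src="$1" dst="$2" tmp
  tmp="$(mktemp)"   # created 0600, so the rendered secret is not world-readable

  # Point the template's hard-coded queue directory at this user's queue.
  if ! sed -e "s|/home/resellerprueba2/provision_queue|${QUEUE_DIR}|g" "$src" >"$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi

  if [[ -n "$SECRET_VAL" ]]; then
    # The sed script is passed through a file descriptor rather than as an
    # argument: command-line arguments are visible to other local users via
    # the process list while sed runs.
    if ! sed -i -f <(printf '%s\n' "s|\$provisionSecret = '[^']*';|\$provisionSecret = '${SECRET_VAL}';|") "$tmp"; then
      rm -f -- "$tmp"
      return 1
    fi
  fi

  # Mode and ownership are set by install itself, so the file never sits in the
  # web root owned by root or with the template's placeholder secret.
  # NOTE(review): 0644 keeps the secret-bearing file readable by any account
  # that can reach WEB_ROOT; tighten it if PHP runs as CPANEL_USER — confirm
  # against the PHP handler in use.
  if ! install -m 0644 -o "$CPANEL_USER" -g "$CPANEL_USER" "$tmp" "$dst"; then
    rm -f -- "$tmp"
    return 1
  fi
  rm -f -- "$tmp"
}

_install_webhook_php "${DOCS_DIR}/bewpro-provision.php" "$WEBHOOK_DST"
_install_webhook_php "${DOCS_DIR}/bewpro-provision-status.php" "$WEBHOOK_STATUS_DST"

if [[ -n "$SECRET_VAL" ]]; then
  echo "    Secret inyectado desde $SECRET_FILE"
elif [[ -f "$SECRET_FILE" ]]; then
  # An empty file leaves whatever $provisionSecret value the template ships with.
  echo "    AVISO: $SECRET_FILE está vacío; el webhook quedó con el secret del template." >&2
else
  # NOTE(review): without the secret file the endpoints are installed with the
  # value committed in the repo template — treat them as unprotected until the
  # secret is created and this script is re-run.
  echo "    AVISO: Creá $SECRET_FILE con el token (una línea, mismo valor que PROVISION_SECRET en .env de cd-system):"
  echo "            echo -n \"\$(openssl rand -hex 32)\" > $SECRET_FILE && chmod 600 $SECRET_FILE"
  echo "            Luego volvé a ejecutar este script."
fi

echo "    Instalado: $WEBHOOK_DST"
echo "    Instalado: $WEBHOOK_STATUS_DST"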

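# ── .htaccess: keep the webhook out of the rewrite to Laravel ────────────────
#######################################
# Insert a pass-through RewriteRule for bewpro-provision.php right after the
# first "RewriteEngine On" line of $HTACCESS, unless one is already present.
# Globals:   HTACCESS, CPANEL_USER (read)
# Outputs:   progress / warning lines on stdout
# Returns:   0 when nothing had to be done, the rule was inserted, or manual
#            action is required; 1 if the file could not be rewritten
#######################################
ensure_htaccess_bewpro_rule() {
  [[ -f "$HTACCESS" ]] || return 0
  # The rule is stored as "bewpro-provision\.php" (escaped dot), so the check
  # must accept an optional backslash; matching only the plain filename never
  # sees the inserted rule and would add it again on every run.
  if grep -Eq 'bewpro-provision\\?\.php' "$HTACCESS"; then
    echo "    .htaccess: ya incluye regla bewpro-provision.php"
    return 0
  fi
  if ! grep -q 'mod_rewrite' "$HTACCESS"; then
    echo "    AVISO: $HTACCESS sin mod_rewrite — agregá a mano antes de RewriteRule principal:"
    echo "            RewriteRule ^bewpro-provision\\.php\$ - [L,NC]"
    return 0
  fi

  # Stage next to the target so the final mv is a rename on the same filesystem.
  local tmp
  tmp="$(mktemp "${HTACCESS}.XXXXXX")"
  if ! awk '
    !inserted && tolower($0) ~ /rewriteengine[ \t]+on/ {
      print
      print ""
      print "  # BewPro: webhook de provisión (no redirigir a git-files/.../public)"
      print "  RewriteRule ^bewpro-provision\\.php$ - [L,NC]"
      inserted = 1
      next
    }
    { print }
  ' "$HTACCESS" >"$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi

  # Do not claim success when no "RewriteEngine On" line was found.
  if ! grep -Eq 'bewpro-provision\\?\.php' "$tmp"; then
    rm -f -- "$tmp"
    echo "    AVISO: no encontré 'RewriteEngine On' en $HTACCESS — agregá a mano antes de RewriteRule principal:"
    echo "            RewriteRule ^bewpro-provision\\.php\$ - [L,NC]"
    return 0
  fi

  # mktemp creates the file 0600; copy the original mode before swapping it in,
  # otherwise .htaccess ends up unreadable for a web server that runs under a
  # different account than the owner.
  if ! chmod --reference="$HTACCESS" "$tmp" ||
    ! chown "${CPANEL_USER}:${CPANEL_USER}" "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi
  mv -f -- "$tmp" "$HTACCESS"
  echo "    .htaccess: insertada regla bewpro-provision.php (después de RewriteEngine On)"
}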

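#######################################
# Idempotently add the pass-through rule for bewpro-provision-status.php right
# after the existing bewpro-provision.php rule in $HTACCESS.
# Globals:   HTACCESS, CPANEL_USER (read)
# Outputs:   progress / warning lines on stdout
# Returns:   0 when nothing had to be done, the rule was inserted, or manual
#            action is required; 1 if the file could not be rewritten
#######################################
ensure_htaccess_bewpro_status_rule() {
  [[ -f "$HTACCESS" ]] || return 0
  if grep -q 'bewpro-provision-status' "$HTACCESS"; then
    echo "    .htaccess: ya incluye bewpro-provision-status.php"
    return 0
  fi
  # The webhook rule is written with an escaped dot ("bewpro-provision\.php"),
  # so accept an optional backslash; matching only the plain filename would
  # miss it and skip the insertion altogether.
  if ! grep -Eq 'bewpro-provision\\?\.php' "$HTACCESS"; then
    return 0
  fi

  # Stage next to the target so the final mv is a rename on the same filesystem.
  local tmp
  tmp="$(mktemp "${HTACCESS}.XXXXXX")"
  if ! awk '
    !inserted && /RewriteRule \^bewpro-provision\\.php\$/ {
      print
      print "  RewriteRule ^bewpro-provision-status\\.php$ - [L,NC]"
      inserted = 1
      next
    }
    { print }
  ' "$HTACCESS" >"$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi

  # The file may mention the webhook in a different form than the rule this
  # script writes; in that case nothing was inserted, so say so.
  if ! grep -q 'bewpro-provision-status' "$tmp"; then
    rm -f -- "$tmp"
    echo "    AVISO: no encontré la regla del webhook en $HTACCESS — agregá a mano junto a ella:"
    echo "            RewriteRule ^bewpro-provision-status\\.php\$ - [L,NC]"
    return 0
  fi

  # mktemp creates the file 0600; copy the original mode before swapping it in
  # so the web server can still read .htaccess afterwards.
  if ! chmod --reference="$HTACCESS" "$tmp" ||
    ! chown "${CPANEL_USER}:${CPANEL_USER}" "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi
  mv -f -- "$tmp" "$HTACCESS"
  echo "    .htaccess: insertada regla bewpro-provision-status.php (junto al webhook)"
}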

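ensure_htaccess_bewpro_rule
ensure_htaccess_bewpro_status_rule

# ── Root cron ────────────────────────────────────────────────────────────────
# Read the crontab once into a variable. Piping `crontab -l` straight into
# `grep -q` under pipefail can report failure even on a match (grep exits at the
# first hit and the writer may be killed by SIGPIPE), which would append a
# duplicate entry. A missing crontab is treated as empty.
CURRENT_CRON="$(crontab -l 2>/dev/null || true)"
if grep -Fq "process_provision_queue.sh" <<<"$CURRENT_CRON"; then
  echo "    Cron: ya existe entrada process_provision_queue.sh"
else
  {
    if [[ -n "$CURRENT_CRON" ]]; then
      printf '%s\n' "$CURRENT_CRON"
    fi
    printf '%s\n' "$CRON_LINE"
  } | crontab -
  echo "    Cron: agregado $CRON_LINE"
fi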

# ── Reminder: .env of the Laravel app (same server) ──────────────────────────
# Nothing is written here; the script only reports whether the app's .env
# already names the webhook URL and prints the lines to add when it does not.
GIT_APP_ENV="${WEB_ROOT}/git-files/${GIT_FILES_DIR}/.env"
if [[ ! -f "$GIT_APP_ENV" ]]; then
  echo "    AVISO: No encontré $GIT_APP_ENV — configurá PROVISION_* en el .env del panel donde corre project-setup."
elif grep -q '^PROVISION_WEBHOOK_URL=' "$GIT_APP_ENV" 2>/dev/null; then
  echo "    Laravel .env: ya define PROVISION_WEBHOOK_URL"
else
  # The domain is only a guess derived from the panel user name.
  DOMAIN_GUESS="${CPANEL_USER}.bewpro.com"
  printf '%s\n' \
    "    AVISO: En $GIT_APP_ENV agregá (ajustá dominio):" \
    "            PROVISION_WEBHOOK_URL=https://${DOMAIN_GUESS}/bewpro-provision.php" \
    "            PROVISION_SECRET=<mismo que en $SECRET_FILE>"
fi

# Closing hint: a request with a wrong token should be rejected.
# NOTE(review): the sample sends the token in the query string; if real callers
# do the same, the secret will presumably end up in web-server access logs —
# confirm how the PHP endpoint expects to receive it.
printf '%s\n' \
  "" \
  "=== Listo. Probar webhook ===" \
  "curl -s \"https://${CPANEL_USER}.bewpro.com/bewpro-provision.php?token=MAL\" " \
  "# → {\"ok\":false,\"error\":\"Forbidden\"}" \
  ""
