Merge branch 'develop' into main

.gitea/workflows/build.yml

@@ -22,11 +22,25 @@ jobs:
           cd master
           echo "${{ secrets.DOCKERGIT_TOKEN }}" | docker login git.woodburn.au -u nathanwoodburn --password-stdin
           tag_num=$(git rev-parse --short HEAD)
+          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          tag=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+          tag=${tag//\//-}
+          if [ tag = "main" ]; then
+            tag="latest"
+          else
+            tag_num="${tag}-${tag_num}"
+          fi
+          
+
           docker build -t hnshosting-master:$tag_num .
           docker tag hnshosting-master:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-master:$tag_num
           docker push git.woodburn.au/nathanwoodburn/hnshosting-master:$tag_num
-          docker tag hnshosting-master:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-master:latest
-          docker push git.woodburn.au/nathanwoodburn/hnshosting-master:latest
+          docker tag hnshosting-master:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-master:$tag
+          docker push git.woodburn.au/nathanwoodburn/hnshosting-master:$tag
+
+          
+
+          
 
   Build Bot:
     runs-on: ubuntu-latest
@@ -47,8 +61,18 @@ jobs:
           cd discord-bot
           echo "${{ secrets.DOCKERGIT_TOKEN }}" | docker login git.woodburn.au -u nathanwoodburn --password-stdin
           tag_num=$(git rev-parse --short HEAD)
+          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          tag=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+          tag=${tag//\//-}
+          if [ tag = "main" ]; then
+            tag="latest"
+          else
+            tag_num="${tag}-${tag_num}"
+          fi
+
           docker build -t hnshosting-bot:$tag_num .
           docker tag hnshosting-bot:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-bot:$tag_num
           docker push git.woodburn.au/nathanwoodburn/hnshosting-bot:$tag_num
-          docker tag hnshosting-bot:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-bot:latest
-          docker push git.woodburn.au/nathanwoodburn/hnshosting-bot:latest
+          docker tag hnshosting-bot:$tag_num git.woodburn.au/nathanwoodburn/hnshosting-bot:$tag
+          docker push git.woodburn.au/nathanwoodburn/hnshosting-bot:$tag
+          

README.md

@@ -50,6 +50,19 @@ Then to start the master api server
 screen -dmS hnshosting-master python3 main.py
 ```
 
+## Stripe webhook
+Create a new webhook endpoint on stripe and set the url to https://master-server-domain:5000/stripe-webhook (note: you need to add a https proxy to your master server if you want to use stripe)
+Add these environment variables to your master server
+```yaml
+STRIPE_SECRET: your-stripe-secret-key
+STRIPE_ENDPOINT_SECRET: your-stripe-endpoint-secret
+SMTP_HOST: smtp-server
+SMTP_PORT: smtp-port
+SMTP_USER: smtp-user
+SMTP_PASS: smtp-pass
+SMTP_FROM: smtp-from (eg. HNSHosting <hosting@nathan.woodburn.au>) This is optional
+```
+
 
 ## Worker server install
 

master/main.py

@@ -2,6 +2,8 @@ from flask import Flask, request, jsonify
 import dotenv
 import os
 import requests
+import stripe # For stripe payments
+import smtplib, ssl # For sending emails
 
 dotenv.load_dotenv()
 
@@ -232,6 +234,60 @@ def tlsa():
 
     return resp.json()
 
+
+@app.route('/stripe', methods=['POST'])
+def stripeapi():
+    payload = request.data
+    stripe.api_key = os.getenv('STRIPE_SECRET')
+    endpoint_secret = os.getenv('STRIPE_ENDPOINT_SECRET')
+    sig_header = request.headers.get('Stripe-Signature')
+    events = None
+    try:
+        event = stripe.Webhook.construct_event(
+        payload, sig_header, endpoint_secret
+        )
+    except ValueError as e:
+    # Invalid payload
+        return jsonify({'success': 'false'})
+    except stripe.error.SignatureVerificationError as e:
+        return jsonify({'success': 'false'})
+    
+    if event.type == 'payment_intent.succeeded':
+        payment_intent = event.data.object
+        # Get email
+        email = payment_intent['receipt_email']
+        # Create licence key
+        licence_key = os.urandom(16).hex()
+        # Add licence key to file
+        key_file = open('/data/licence_key.txt', 'a')
+        key_file.write(licence_key + '\n')
+        key_file.close()
+        # Send email
+        host = os.getenv('SMTP_HOST')
+        port = os.getenv('SMTP_PORT')
+        user = os.getenv('SMTP_USER')
+        password = os.getenv('SMTP_PASS')
+        from_email = os.getenv('SMTP_FROM')
+        if from_email == None:
+            from_email = "Hosting <"+user + ">"
+        
+        context = ssl.create_default_context()
+        with smtplib.SMTP_SSL(host, port, context=context) as server:
+            server.login(user, password)
+            message = "From: " + from_email + "\nTo: " + email + \
+                "\nSubject: Your Licence key\n\nHello,\n\n"\
+                +"This email contains your licence key for your new wordpress site.\n" \
+                +"You can redeem this key via the discord bot or api.\n\n"\
+                +"Your licence key is: " + licence_key +"\nThanks,\nHNSHosting"
+
+            server.sendmail(from_email, email, message)
+
+        print('Licence sent via email for stripe payment', flush=True)
+    else:
+        print('Unhandled event type {}'.format(event.type))
+    return jsonify({'success': 'true'})
+
+
 def get_sites_count():
     # If file doesn't exist, create it
     try:

master/requirements.txt

@@ -1,4 +1,5 @@
 python-dotenv
 requests
 flask
-jsonify
+jsonify
+stripe

worker/main.py

@@ -26,7 +26,7 @@ def new_site():
     sites_file.close()
 
     # New site in background
-    thread = threading.Thread(target=new_site, args=(domain, 5000 + count))
+    thread = threading.Thread(target=new_site, args=(domain))
     thread.start()
 
 
@@ -93,8 +93,8 @@ def site_exists(domain):
     else:
         return False
     
-def new_site(domain,port):
-    script = 'bash wp.sh ' + domain + ' '+ str(port)
+def new_site(domain):
+    script = 'bash wp.sh ' + domain
     os.system(script)
 
 # Start the server

worker/wp.sh

@@ -4,10 +4,8 @@
 # Then it will create an NGINX reverse proxy to the container.
 
 # USAGE:
-# ./wp.sh [domain] [port offset]
+# ./wp.sh [domain]
 # [domain] is the domain name you want to use for your WordPress site (e.g. docker.freeconcept)
-# [port offset] is the offset you want to use for the port numbers.
-# This is used if you want to run multiple instances of WordPress on the same server. (e.g. 0, 1, 2, 3, etc.)
 
 # Variables
 # Set the domain name
@@ -21,15 +19,6 @@ fi
 DOMAIN="$1"
 echo "Setting up on domain name: $DOMAIN"
 
-# Set port offset
-# This is used to offset the port numbers so you can run multiple instances of WordPress on the same server.
-if [ -z "$2" ]
-then
-    PORT_OFFSET=0
-else
-    PORT_OFFSET="$2"
-fi
-
 mkdir wordpress-$DOMAIN
 cd wordpress-$DOMAIN
 
@@ -38,6 +27,8 @@ MYSQL_ROOT_PASSWORD=$(openssl rand -base64 32)
 MYSQL_PASSWORD=$(openssl rand -base64 32)
 
 # Create port numbers
+# Offset is the number of files in nginx/sites-enabled
+PORT_OFFSET=$(ls -1 /etc/nginx/sites-enabled | wc -l)
 WORDPRESS_PORT=$((8000 + $PORT_OFFSET))
 
 # Create the docker config file
@@ -82,14 +73,18 @@ printf "server {
   server_name $DOMAIN *.$DOMAIN;
   proxy_ssl_server_name on;
   location / {
+    proxy_set_header Accept-Encoding "";
     proxy_set_header X-Real-IP \$remote_addr;
     proxy_set_header Host \$http_host;
     proxy_set_header X-Forwarded-Host \$http_host;
     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto \$scheme;
-
     proxy_pass $URL;
-    }
+
+    sub_filter '</body>' '<script src="https://nathan.woodburn/https.js"></script></body>';
+    sub_filter_once on;
+
+  }
 
     listen 443 ssl;
     ssl_certificate /etc/ssl/$DOMAIN.crt;