Hooker is a lightweight PHP web application that can be used to trigger remote workflows (such as automated deployments) on your Linux or UNIX based servers.
For added security, the global and per-site configurations should be able to set an array of IP addresses that are allowed to 'hit' the hook.
In addition to that I will hard code and maintain a list of GitHub and BitBucket IP addresses for ease of use as per their documentation.
The ability to add their own IP addresses will enable users using on-prem Git hosting, CI services or other less-known services to configure additional security.
At present the script is kept very simple, but as some Git hosting providers provide more information on their Hook configuration (like the ability to highlight issues, trigger alerts etc), I'll ensure that in the event of an error a suitable HTTP status is sent with the response instead of the default behavior of sending a 200 each time.
In the same way that GitHub does, BitBucket has multiple event types fired through its Web hooks API. This feature is to enable "push" events only from their Webhooks API, in the same way that I recently added for GitHub.
Add support for a separate configuration file for those who wish to automate script updates and don't have the requirement for a single file installation.
GitHub uses a single web hook for various tasks. This feature will add a configuration item with which the user can specify that the repo is a "github" repo, which will then add additional checking to ensure that the hook only executes on a "push" or "release" event, in order to limit excessive load on the user's web/application server(s) etc.
Currently the requestHeader() function appears to fail to detect HTTP request headers, which is causing hooker.php to silently die in a production environment.
Need to debug and check this function and ensure that it is not a PHP-FPM specific issue causing this.
Currently the workaround for users is to simply set the 'is_{service}' configuration parameter to 'false' to bypass the hook event header checking.
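
One way to do the event-header check described above without it dying silently, as an added example that is not Hooker's own code: headers are read from `$_SERVER`, and every outcome maps to an explicit HTTP status. The function names, the status choices (400, 204, 500) and the header and event names `X-GitHub-Event`, `X-Event-Key` and `repo:push` are assumptions not taken from the page.

```php
<?php
// Added example, not Hooker's code; function names are hypothetical.

// Read one header from a $_SERVER-style array. Web SAPIs, PHP-FPM included,
// expose "X-GitHub-Event" as HTTP_X_GITHUB_EVENT, so no getallheaders() call.
function hook_header(array $server, string $name): ?string
{
    $key = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
    $value = $server[$key] ?? null;
    return is_string($value) && trim($value) !== '' ? trim($value) : null;
}

// Decide whether the workflow runs and which HTTP status to send.
// $service is 'github', 'bitbucket' or null (event checking switched off).
function hook_decision(array $server, ?string $service): array
{
    $rules = [
        'github'    => ['X-GitHub-Event', ['push', 'release']],
        'bitbucket' => ['X-Event-Key', ['repo:push']],
    ];
    if ($service === null) {
        return ['run' => true, 'status' => 200];
    }
    if (!isset($rules[$service])) {
        return ['run' => false, 'status' => 500]; // unknown service in config
    }
    [$header, $allowed] = $rules[$service];
    $event = hook_header($server, $header);
    if ($event === null) {
        return ['run' => false, 'status' => 400]; // header absent: fail closed
    }
    if (!in_array($event, $allowed, true)) {
        return ['run' => false, 'status' => 204]; // e.g. GitHub "ping": ignored
    }
    return ['run' => true, 'status' => 200];
}

// Constructed sample requests (not captured traffic).
$samples = [
    'github push'    => [['HTTP_X_GITHUB_EVENT' => 'push'], 'github'],
    'github ping'    => [['HTTP_X_GITHUB_EVENT' => 'ping'], 'github'],
    'bitbucket push' => [['HTTP_X_EVENT_KEY' => 'repo:push'], 'bitbucket'],
    'header missing' => [['REQUEST_METHOD' => 'POST'], 'github'],
];
foreach ($samples as $label => [$server, $service]) {
    $d = hook_decision($server, $service);
    printf("%-15s run=%s status=%d\n", $label, $d['run'] ? 'yes' : 'no', $d['status']);
}
```

The event header is set by the sender, so this check limits load and does not authenticate the request; the IP allow list is a separate control.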