Remove the useless 'secret key', since it doesn't add any more security than the path.
This commit is contained in:
parent
c1594e73f4
commit
0b8134bbcf
3 changed files with 11 additions and 28 deletions
|
@ -13,10 +13,9 @@ import (
|
|||
type webhook struct {
|
||||
Name string
|
||||
Path string
|
||||
SecretKey string `yaml:"secret_key"`
|
||||
NumSwitches int `yaml:"num_switches"`
|
||||
MomentarySwitches []int `yaml:"momentary_switches"`
|
||||
SwitchStates []int `json:switch_states`
|
||||
NumSwitches int `yaml:"num_switches"`
|
||||
MomentarySwitches []int `yaml:"momentary_switches"`
|
||||
SwitchStates []int `json:switch_states`
|
||||
}
|
||||
|
||||
func debug(msg string, args ...interface{}) {
|
||||
|
@ -54,23 +53,6 @@ func runServer() {
|
|||
|
||||
func makeWebhookHandler(hook webhook) func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// authentication check
|
||||
keys, ok := r.URL.Query()["key"]
|
||||
if !ok || len(keys) == 0 {
|
||||
log.Printf("No key found for webhook: %s", hook.Name)
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
providedKey := keys[0]
|
||||
|
||||
if providedKey == "" || providedKey != hook.SecretKey {
|
||||
log.Printf("Failed to authenticate request for webhook: %s", hook.Name)
|
||||
debug("Got key '%s', expected key '%s'", providedKey, hook.SecretKey)
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// now actually handle the request
|
||||
if r.Method == "GET" {
|
||||
webhookRead(hook, w, r)
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue