Remove the useless 'secret key', since it doesn't add any more security than the path.

This commit is contained in:
Anna Rose Wiggins 2020-05-13 22:11:07 +00:00
parent c1594e73f4
commit 0b8134bbcf
3 changed files with 11 additions and 28 deletions

View file

@ -13,10 +13,9 @@ import (
type webhook struct {
Name string
Path string
SecretKey string `yaml:"secret_key"`
NumSwitches int `yaml:"num_switches"`
MomentarySwitches []int `yaml:"momentary_switches"`
SwitchStates []int `json:switch_states`
NumSwitches int `yaml:"num_switches"`
MomentarySwitches []int `yaml:"momentary_switches"`
SwitchStates []int `json:switch_states`
}
func debug(msg string, args ...interface{}) {
@ -54,23 +53,6 @@ func runServer() {
func makeWebhookHandler(hook webhook) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// authentication check
keys, ok := r.URL.Query()["key"]
if !ok || len(keys) == 0 {
log.Printf("No key found for webhook: %s", hook.Name)
http.NotFound(w, r)
return
}
providedKey := keys[0]
if providedKey == "" || providedKey != hook.SecretKey {
log.Printf("Failed to authenticate request for webhook: %s", hook.Name)
debug("Got key '%s', expected key '%s'", providedKey, hook.SecretKey)
http.NotFound(w, r)
return
}
// now actually handle the request
if r.Method == "GET" {
webhookRead(hook, w, r)