diff --git a/cmd/smartswitch-server/main.go b/cmd/smartswitch-server/main.go
index b05598a..02e9316 100644
--- a/cmd/smartswitch-server/main.go
+++ b/cmd/smartswitch-server/main.go
@@ -13,10 +13,9 @@ import (
 type webhook struct {
 Name string
 Path string
- SecretKey string `yaml:"secret_key"`
- NumSwitches int `yaml:"num_switches"`
- MomentarySwitches []int `yaml:"momentary_switches"`
- SwitchStates []int `json:switch_states`
+ NumSwitches int `yaml:"num_switches"`
+ MomentarySwitches []int `yaml:"momentary_switches"`
+ SwitchStates []int `json:switch_states`
 }
 func debug(msg string, args ...interface{}) {
@@ -54,23 +53,6 @@ func runServer() {
 func makeWebhookHandler(hook webhook) func(http.ResponseWriter, *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
- // authentication check
- keys, ok := r.URL.Query()["key"]
- if !ok || len(keys) == 0 {
- log.Printf("No key found for webhook: %s", hook.Name)
- http.NotFound(w, r)
- return
- }
- providedKey := keys[0]
-
- if providedKey == "" || providedKey != hook.SecretKey {
- log.Printf("Failed to authenticate request for webhook: %s", hook.Name)
- debug("Got key '%s', expected key '%s'", providedKey, hook.SecretKey)
- http.NotFound(w, r)
- return
- }
-
- // now actually handle the request
 if r.Method == "GET" {
 webhookRead(hook, w, r)
diff --git a/readme.md b/readme.md
index ad88936..6da207d 100644
--- a/readme.md
+++ b/readme.md
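Review bot: The struct tag on `SwitchStates` is malformed: `json:switch_states` has no quotes around the value, so a `reflect.StructTag` lookup will not find a `json` key and `go vet` reports the tag. Since this commit rewrites the line anyway, the tag should read `json:"switch_states"`. Whether the struct is marshalled to JSON is not visible in this hunk; if it is, the emitted key is currently the Go field name rather than `switch_states`.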
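Review bot: After this removal `makeWebhookHandler` reaches `webhookRead` with no credential check, so the route match on `hook.Path` is the only access control, and nothing visible here enforces that a configured path is long or random (the sample config in this commit uses `Path_0`). Request paths are commonly recorded in proxy and access logs, and a mux route lookup is not a constant-time comparison, so the path is a weaker secret than a value carried in a request header. I would keep a per-hook secret, read it from a header instead of the URL, reject an empty configured value, and compare with `subtle.ConstantTimeCompare([]byte(provided), []byte(hook.SecretKey)) != 1`; at minimum, validate the length of `path` when the config is loaded. The handler body continues past the end of this hunk, so the non-GET branch is not visible here.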
@@ -14,8 +14,7 @@ The server can be configured via the following environment variables:
 The webhooks configuration file should be an array of entries with the following keys:
 * name - A human-readable name that explains the webhook's purpose.
-* path - The webhook will be served by the app at this path.
-* secret_key - An authentication value for reading and writing to the webhook. This must be included in all requests. (see Usage for format)
+* path - The webhook will be served by the app at this path. **Treat this as a secret value.**
 * num_switches - the number of data points / indexes expected with each POST.
 * momentary_switches - an array of any indexes that refer to 'momentary' switches. The value of these indexes will be reset to 0 after the next GET request to the webhook.
@@ -37,7 +36,7 @@ And run with:
 A dockerfile is also included, along with a sample docker-compose.yml demonstrating how the server might be run in a containerized environment.
-Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using plain http WILL expose your secret keys.
+Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using plain http WILL expose your secrets.
 ## Usage
@@ -45,7 +44,7 @@ Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using
 To read the current webhook data, simply send a GET to the webhook URL, with the `key` parameter appropriately set. Example:
 ```
-curl -x GET "https://example.com/WEBHOOK_PATH?key=WEBHOOK_KEY
+curl -x GET "https://example.com/WEBHOOK_PATH
 ```
 To write data, send a POST to the same URL, with a json-formatted body in the following format:
@@ -53,3 +52,8 @@ To write data, send a POST to the same URL, with a json-formatted body in the fo
 ```
 [value0, value1, value2, ...]
 ```
+
+
+## Future Development
+
+* Use a more robust secret than "the URL is hidden behind TLS." Maybe client-side x509 certs.
diff --git a/webhooks.yml.example b/webhooks.yml.example
index f72983a..e9b0c5d 100644
--- a/webhooks.yml.example
+++ b/webhooks.yml.example
@@ -3,7 +3,6 @@
 # 0 again.
 - name: Momentary Switch
 path: Path_0
- secret_key: SecretKey_0
 num_switches: 1
 momentary_switches:
 - 0
@@ -12,14 +11,12 @@
 # written value
 - name: Three Latched Switches
 path: Path_1
- secret_key: SecretKey_1
 num_switches: 3
 momentary_switches:
 # The first and 3rd data point on this webhook are momentary switches. The other 3 are latched.
 - name: Mix of Types
 path: Path_2
- secret_key: SecretKey_2
 num_switches: 5
 momentary_switches:
 - 0