**feat(webhook):** add WEBHOOK_SECRET for token authentication support
All checks were successful
CI / build-test (push) Successful in 1m28s
- Protect `/webhook` endpoint using the `Authorization` header
- Update `README.md` with setup instructions and examples for authentication
- Warn when `WEBHOOK_SECRET` is not configured
- Add tests for valid, missing, and invalid token scenarios
- Update `docker-compose.yml` to support `WEBHOOK_SECRET` configuration
@@ -54,6 +54,10 @@ The app is a Go HTTP server that receives [DIUN](https://crazymax.dev/diun/) web
|
||||
- `PUT /api/tag-assignments` — assign an image to a tag
|
||||
- `DELETE /api/tag-assignments` — unassign an image from its tag
|
||||
|
||||
**Environment variables:**
|
||||
- `PORT` — listen port (default `8080`)
|
||||
- `WEBHOOK_SECRET` — when set, every `POST /webhook` must include a matching `Authorization` header; when unset, the webhook is open (a warning is logged at startup)
|
||||
|
||||
**Key data flow:**
|
||||
1. DIUN POSTs JSON to `/webhook` → `WebhookHandler` decodes into `DiunEvent` → upserted into `updates` table (latest event per image wins, resets acknowledged state)
|
||||
2. React SPA polls `GET /api/updates` every 5 s → `UpdatesHandler` returns map of `UpdateEntry` (includes event, received time, acknowledged flag, and optional tag)
|
||||
|
||||
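Review bot: The `WEBHOOK_SECRET` bullet says a request must include a "matching `Authorization` header" but never states the expected header value, so a reader cannot tell whether DIUN should send the bare secret or a scheme-prefixed value; spell out the exact format in this bullet. The same bullet documents a fail-open default (unset means the webhook is open, with only a startup warning), which deserves its own sentence telling operators to set the variable whenever the endpoint is reachable from outside a trusted network. Step 1 of the key data flow still goes straight from the POST to `WebhookHandler` decoding into `DiunEvent`; add where the token check sits relative to decoding and what response a rejected request receives.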