**feat(webhook):** add WEBHOOK_SECRET for token authentication support
All checks were successful
CI / build-test (push) Successful in 1m28s
- Protect `/webhook` endpoint using the `Authorization` header
- Update `README.md` with setup instructions and examples for authentication
- Warn when `WEBHOOK_SECRET` is not configured
- Add tests for valid, missing, and invalid token scenarios
- Update `docker-compose.yml` to support `WEBHOOK_SECRET` configuration
@@ -1,6 +1,7 @@
|
||||
package diunwebhook
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"database/sql"
|
||||
"encoding/json"
|
||||
"log"
|
||||
@@ -45,10 +46,15 @@ type UpdateEntry struct {
|
||||
}
|
||||
|
||||
var (
|
||||
mu sync.Mutex
|
||||
db *sql.DB
|
||||
mu sync.Mutex
|
||||
db *sql.DB
|
||||
webhookSecret string
|
||||
)
|
||||
|
||||
func SetWebhookSecret(secret string) {
|
||||
webhookSecret = secret
|
||||
}
|
||||
|
||||
func InitDB(path string) error {
|
||||
var err error
|
||||
db, err = sql.Open("sqlite", path)
|
||||
@@ -155,6 +161,14 @@ func GetUpdates() (map[string]UpdateEntry, error) {
|
||||
}
|
||||
|
||||
func WebhookHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if webhookSecret != "" {
|
||||
auth := r.Header.Get("Authorization")
|
||||
if subtle.ConstantTimeCompare([]byte(auth), []byte(webhookSecret)) != 1 {
|
||||
http.Error(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
||||
return
|
||||
|
||||
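Review bot: In WebhookHandler, `subtle.ConstantTimeCompare` returns 0 immediately when the two slices differ in length, so the new check is constant-time only for inputs of the right length and the length of `WEBHOOK_SECRET` can be inferred from timing. Comparing fixed-size digests removes that: `got, want := sha256.Sum256([]byte(auth)), sha256.Sum256([]byte(webhookSecret))` followed by `if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {` (needs `crypto/sha256` in the import block). Rejected requests are also silent; a `log.Printf("webhook: unauthorized request from %s", r.RemoteAddr)` before the 401, without the header value, would make repeated guessing visible in the logs. The exported `SetWebhookSecret` has no doc comment; something like `// SetWebhookSecret sets the token WebhookHandler requires in the Authorization header; an empty value disables the check.` would record the fail-open behaviour, and since it writes `webhookSecret` without taking `mu` it presumably has to be called before the server starts. WebhookHandler's body continues past the end of the hunk.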