diff options
| author | Cynthia Revström <me@cynthia.re> | 2020-04-23 12:40:25 +0200 |
|---|---|---|
| committer | Cynthia Revström <me@cynthia.re> | 2020-04-23 12:40:25 +0200 |
| commit | 06aa5a773dbc37f4246a356389646edb9b1c1516 (patch) | |
| tree | ebb15fe5f6e7612f9c0f2024fc3b5644e9e1b5e6 | |
| parent | bc0505fea55be609db88708fdc2d59ab43498cf9 (diff) | |
Add authentication
| -rw-r--r-- | main.go | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -19,7 +19,8 @@ type cynciWebhookPayload struct { } type configJSON struct { - Handlers map[string]string `json:"handlers"` + Handlers map[string]string `json:"handlers"` + WebhookTokens map[string]string `json:"webhook_tokens"` // map[token_name]token_value } var config configJSON @@ -81,6 +82,10 @@ func executeHandler(repoName string) error { } func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) { + if !validateTokenHeader(rw, req) { + return + } + var payload cynciWebhookPayload err := json.NewDecoder(req.Body).Decode(&payload) if err != nil { @@ -96,6 +101,19 @@ func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) { http.Error(rw, "error", 500) return } +} + +func validateTokenHeader(rw http.ResponseWriter, req *http.Request) bool { + tokenHeader := req.Header.Get("X-CynCI-Token") + + for tokenName, token := range config.WebhookTokens { + if token == tokenHeader { + log.Printf("successful auth from: %s", tokenName) + return true + } + } + + http.Error(rw, "Unauthorized", http.StatusUnauthorized) - log.Printf("%+v", payload) + return false } |