diff options
| -rw-r--r-- | main.go | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -19,7 +19,8 @@ type cynciWebhookPayload struct { } type configJSON struct { - Handlers map[string]string `json:"handlers"` + Handlers map[string]string `json:"handlers"` + WebhookTokens map[string]string `json:"webhook_tokens"` // map[token_name]token_value } var config configJSON @@ -81,6 +82,10 @@ func executeHandler(repoName string) error { } func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) { + if !validateTokenHeader(rw, req) { + return + } + var payload cynciWebhookPayload err := json.NewDecoder(req.Body).Decode(&payload) if err != nil { @@ -96,6 +101,19 @@ func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) { http.Error(rw, "error", 500) return } +} + +func validateTokenHeader(rw http.ResponseWriter, req *http.Request) bool { + tokenHeader := req.Header.Get("X-CynCI-Token") + + for tokenName, token := range config.WebhookTokens { + if token == tokenHeader { + log.Printf("successful auth from: %s", tokenName) + return true + } + } + + http.Error(rw, "Unauthorized", http.StatusUnauthorized) - log.Printf("%+v", payload) + return false } |