From 06aa5a773dbc37f4246a356389646edb9b1c1516 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cynthia=20Revstr=C3=B6m?= <me@cynthia.re>
Date: Thu, 23 Apr 2020 12:40:25 +0200
Subject: Add authentication

---
 main.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 8e84218..2a20dab 100644
--- a/main.go
+++ b/main.go
@@ -19,7 +19,8 @@ type cynciWebhookPayload struct {
 }
 
 type configJSON struct {
-	Handlers map[string]string `json:"handlers"`
+	Handlers      map[string]string `json:"handlers"`
+	WebhookTokens map[string]string `json:"webhook_tokens"` // map[token_name]token_value
 }
 
 var config configJSON
@@ -81,6 +82,10 @@ func executeHandler(repoName string) error {
 }
 
 func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) {
+	if !validateTokenHeader(rw, req) {
+		return
+	}
+
 	var payload cynciWebhookPayload
 	err := json.NewDecoder(req.Body).Decode(&payload)
 	if err != nil {
@@ -96,6 +101,19 @@ func handleWebhookSrc(rw http.ResponseWriter, req *http.Request) {
 		http.Error(rw, "error", 500)
 		return
 	}
+}
+
+func validateTokenHeader(rw http.ResponseWriter, req *http.Request) bool {
+	tokenHeader := req.Header.Get("X-CynCI-Token")
+
+	for tokenName, token := range config.WebhookTokens {
+		if token == tokenHeader {
+			log.Printf("successful auth from: %s", tokenName)
+			return true
+		}
+	}
+
+	http.Error(rw, "Unauthorized", http.StatusUnauthorized)
 
-	log.Printf("%+v", payload)
+	return false
 }
-- 
cgit v1.2.3