From fb116bb29ad803bc48f260c2f94678dc32338850 Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Tue, 4 May 2021 18:39:58 +0200
Subject: [PATCH] Make webhook secret configurable
Signed-off-by: Knut Ahlers
---
 main.go | 8 ++++++--
 webhook.go | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/main.go b/main.go
index fff3aee..595ea31 100644
--- a/main.go
+++ b/main.go
@@ -28,11 +28,11 @@ var (
 TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client"`
 UpdateFromAPIInterval time.Duration `flag:"update-from-api-interval" default:"10m" description:"How often to ask the API for real values"`
 VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
+ WebHookSecret string `flag:"webhook-secret" default:"" description:"Secret to use for HMAC hashing of webhook payload"`
 WebHookTimeout time.Duration `flag:"webhook-timeout" default:"15m" description:"When to re-register the webhooks"`
 }{}
- store *storage
- webhookSecret = uuid.Must(uuid.NewV4()).String()
+ store *storage
 version = "dev"
 )
@@ -53,6 +53,10 @@ func init() {
 } else {
 log.SetLevel(l)
 }
+
+ if cfg.WebHookSecret == "" {
+ cfg.WebHookSecret = uuid.Must(uuid.NewV4()).String()
+ }
 }
 func main() {
diff --git a/webhook.go b/webhook.go
index f50f056..86817b5 100644
--- a/webhook.go
+++ b/webhook.go
@@ -54,7 +54,7 @@ func handleWebHookPush(w http.ResponseWriter, r *http.Request) {
 return
 }
- mac := hmac.New(sha256.New, []byte(webhookSecret))
+ mac := hmac.New(sha256.New, []byte(cfg.WebHookSecret))
 mac.Write(body.Bytes())
 if cSig := fmt.Sprintf("sha256=%x", mac.Sum(nil)); cSig != signature {
 log.Errorf("Got message signature %s, expected %s", signature, cSig)
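Review bot: The new `WebHookSecret` field in main.go is bound only to the `webhook-secret` command-line flag, so a configured secret ends up in the process argument list, where other local users and process-monitoring tooling can typically read it. If the config library in use supports binding a field to an environment variable or a file, that is the safer way to supply this value; this is inferred from the `flag:` tag alone, as the parser itself is not visible here. The description should also say what an empty value means, e.g. `description:"Secret for HMAC signing of webhook payloads (random per start if empty)"`. The same exposure applies to the `TwitchToken` field shown above it.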
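Review bot: The fallback added to `init()` in main.go only handles the empty case; any non-empty operator-supplied value is accepted as the HMAC key, however short or guessable. A startup check such as `if len(cfg.WebHookSecret) < minWebHookSecretLen { log.Errorf("webhook-secret is shorter than %d bytes", minWebHookSecretLen) }` (the constant is a proposed name, not existing code) would surface weak keys before the value is used for verification in handleWebHookPush and sent as `hub.secret` in registerWebHooks. A short comment above the fallback, `// no secret configured: use a random one valid for this process only`, would document why the value differs between runs. `init()` starts outside this hunk, so where the flags are parsed relative to this check cannot be confirmed from here.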
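Review bot: In handleWebHookPush (webhook.go), the context lines right after the changed `hmac.New` call compare the signature with `cSig != signature`, which is not constant-time, and the failure log prints the expected signature `cSig`. With a long-lived configured secret both matter more than with a per-process random one: the log line records a valid signature for the rejected body, and the string comparison can leak how many leading bytes matched. Suggested: `if cSig := fmt.Sprintf("sha256=%x", mac.Sum(nil)); !hmac.Equal([]byte(cSig), []byte(signature)) {` and `log.Errorf("Got message with invalid signature %q", signature)`. Using `%q` also keeps a header value containing control characters from breaking up the log line. The function starts and ends outside the hunk, so how `signature` and `body` are obtained is not visible.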
@@ -173,7 +173,7 @@ func registerWebHooks() error {
 "hub.mode": "subscribe",
 "hub.topic": topic,
 "hub.lease_seconds": int64((cfg.WebHookTimeout + twitchRequestTimeout) / time.Second),
- "hub.secret": webhookSecret,
+ "hub.secret": cfg.WebHookSecret,
 }); err != nil {
 return errors.Wrap(err, "assemble subscribe payload")
 }