mirror of
https://github.com/Luzifer/twitch-manager.git
synced 2024-12-30 08:31:18 +00:00
Make webhook secret configurable
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
e4800c921f
commit
fb116bb29a
2 changed files with 8 additions and 4 deletions
6
main.go
6
main.go
|
@ -28,11 +28,11 @@ var (
|
||||||
TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client"`
|
TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client"`
|
||||||
UpdateFromAPIInterval time.Duration `flag:"update-from-api-interval" default:"10m" description:"How often to ask the API for real values"`
|
UpdateFromAPIInterval time.Duration `flag:"update-from-api-interval" default:"10m" description:"How often to ask the API for real values"`
|
||||||
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
||||||
|
WebHookSecret string `flag:"webhook-secret" default:"" description:"Secret to use for HMAC hashing of webhook payload"`
|
||||||
WebHookTimeout time.Duration `flag:"webhook-timeout" default:"15m" description:"When to re-register the webhooks"`
|
WebHookTimeout time.Duration `flag:"webhook-timeout" default:"15m" description:"When to re-register the webhooks"`
|
||||||
}{}
|
}{}
|
||||||
|
|
||||||
store *storage
|
store *storage
|
||||||
webhookSecret = uuid.Must(uuid.NewV4()).String()
|
|
||||||
|
|
||||||
version = "dev"
|
version = "dev"
|
||||||
)
|
)
|
||||||
|
@ -53,6 +53,10 @@ func init() {
|
||||||
} else {
|
} else {
|
||||||
log.SetLevel(l)
|
log.SetLevel(l)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cfg.WebHookSecret == "" {
|
||||||
|
cfg.WebHookSecret = uuid.Must(uuid.NewV4()).String()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
|
@ -54,7 +54,7 @@ func handleWebHookPush(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
mac := hmac.New(sha256.New, []byte(webhookSecret))
|
mac := hmac.New(sha256.New, []byte(cfg.WebHookSecret))
|
||||||
mac.Write(body.Bytes())
|
mac.Write(body.Bytes())
|
||||||
if cSig := fmt.Sprintf("sha256=%x", mac.Sum(nil)); cSig != signature {
|
if cSig := fmt.Sprintf("sha256=%x", mac.Sum(nil)); cSig != signature {
|
||||||
log.Errorf("Got message signature %s, expected %s", signature, cSig)
|
log.Errorf("Got message signature %s, expected %s", signature, cSig)
|
||||||
|
@ -173,7 +173,7 @@ func registerWebHooks() error {
|
||||||
"hub.mode": "subscribe",
|
"hub.mode": "subscribe",
|
||||||
"hub.topic": topic,
|
"hub.topic": topic,
|
||||||
"hub.lease_seconds": int64((cfg.WebHookTimeout + twitchRequestTimeout) / time.Second),
|
"hub.lease_seconds": int64((cfg.WebHookTimeout + twitchRequestTimeout) / time.Second),
|
||||||
"hub.secret": webhookSecret,
|
"hub.secret": cfg.WebHookSecret,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return errors.Wrap(err, "assemble subscribe payload")
|
return errors.Wrap(err, "assemble subscribe payload")
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue