Make webhook secret configurable

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2021-05-04 18:39:58 +02:00
parent e4800c921f
commit fb116bb29a
Signed by: luzifer
GPG key ID: 0066F03ED215AD7D
2 changed files with 8 additions and 4 deletions

View file

@ -28,11 +28,11 @@ var (
TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client"`
UpdateFromAPIInterval time.Duration `flag:"update-from-api-interval" default:"10m" description:"How often to ask the API for real values"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
WebHookSecret string `flag:"webhook-secret" default:"" description:"Secret to use for HMAC hashing of webhook payload"`
WebHookTimeout time.Duration `flag:"webhook-timeout" default:"15m" description:"When to re-register the webhooks"`
}{}
store *storage
webhookSecret = uuid.Must(uuid.NewV4()).String()
version = "dev"
)
@ -53,6 +53,10 @@ func init() {
} else {
log.SetLevel(l)
}
if cfg.WebHookSecret == "" {
cfg.WebHookSecret = uuid.Must(uuid.NewV4()).String()
}
}
func main() {

View file

@ -54,7 +54,7 @@ func handleWebHookPush(w http.ResponseWriter, r *http.Request) {
return
}
mac := hmac.New(sha256.New, []byte(webhookSecret))
mac := hmac.New(sha256.New, []byte(cfg.WebHookSecret))
mac.Write(body.Bytes())
if cSig := fmt.Sprintf("sha256=%x", mac.Sum(nil)); cSig != signature {
log.Errorf("Got message signature %s, expected %s", signature, cSig)
@ -173,7 +173,7 @@ func registerWebHooks() error {
"hub.mode": "subscribe",
"hub.topic": topic,
"hub.lease_seconds": int64((cfg.WebHookTimeout + twitchRequestTimeout) / time.Second),
"hub.secret": webhookSecret,
"hub.secret": cfg.WebHookSecret,
}); err != nil {
return errors.Wrap(err, "assemble subscribe payload")
}