webhook

package
v0.0.0-...-bc12874 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2024 License: BSD-3-Clause Imports: 12 Imported by: 3

Documentation

Overview

Utility methods for implementing authenticated webhooks.

All requests must either be over a private channel (e.g. https) or must be idempotent and return no data. Requests sent via an open channel (e.g. http) could be resent by an attacker.

Index

Constants

View Source
const REQUEST_AUTH_HASH_HEADER = "X-Webhook-Auth-Hash"

Required header for requests to a webhook authenticated using AuthenticateRequest. The value must be set to the result of ComputeAuthHashBase64.

Variables

This section is empty.

Functions

func AuthenticateRequest

func AuthenticateRequest(r *http.Request) ([]byte, error)

Authenticates a webhook request.

  • If an error occurs reading r.Body, returns nil and the error.
  • If the request could not be authenticated as a webhook request, returns the contents of r.Body and an error.
  • Otherwise, returns the contents of r.Body and nil.

In all cases, closes r.Body.

func ComputeAuthHashBase64

func ComputeAuthHashBase64(data []byte) (string, error)

Computes the value for REQUEST_AUTH_HASH_HEADER from the request body. Returns error if requestSalt has not been initialized. The result is the base64-encoded SHA-512 hash of the request body with requestSalt appended.

func InitRequestSaltForTesting

func InitRequestSaltForTesting()

InitRequestSaltForTesting sets requestSalt to "notverysecret". Should be called once at startup when running in test mode.

To test a webhook endpoint using curl, the following commands should work: $ DATA='my post request' $ AUTH="$(echo -n "${DATA}notverysecret" | sha512sum | xxd -r -p - | base64 -w 0)" $ curl -v -H "X-Webhook-Auth-Hash: $AUTH" -d "$DATA" http://localhost:8000/endpoint

func InitRequestSaltFromFile

func InitRequestSaltFromFile(filename string) error

InitRequestSaltFromFile reads requestSalt from the given file and returns any error encountered. Should be called once at startup.

func InitRequestSaltFromMetadata

func InitRequestSaltFromMetadata(metadataKey string) error

InitRequestSaltFromMetadata reads requestSalt from the specified project metadata and returns any error encountered. Should be called once at startup.

func InitRequestSaltFromSecret

func InitRequestSaltFromSecret(project, secretName string) error

InitRequestSaltFromSecret reads requestSalt from the specified GCP secret and returns any error encountered. Should be called once at startup.

func MustInitRequestSaltFromFile

func MustInitRequestSaltFromFile(filename string)

MustInitRequestSaltFromFile reads requestSalt from the given file. Exits the program on error. Should be called once at startup.

func MustInitRequestSaltFromMetadata

func MustInitRequestSaltFromMetadata(metadataKey string)

MustInitRequestSaltFromMetadata reads requestSalt from the specified project metadata. Exits the program on error. Should be called once at startup.

func MustInitRequestSaltFromSecret

func MustInitRequestSaltFromSecret(project, secret string)

MustInitRequestSaltFromSecret reads requestSalt from the specified GCP secret. Exits the program on error. Should be called once at startup.

func NewRequest

func NewRequest(method, urlStr string, body []byte) (*http.Request, error)

NewRequest is similar to http.NewRequest, but adds the REQUEST_AUTH_HASH_HEADER for authentication.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL