From 174524edeca5f91f604294647388c4363842a391 Mon Sep 17 00:00:00 2001 From: Jordi Salvat Date: Tue, 19 Feb 2019 13:53:16 +0100 Subject: [PATCH] Allow authenticating via query string parameter Since the Webhook API in Chrome & Firefox does not allow HTTP authentication nor adding headers. --- README.md | 7 +++++++ pkg/hookbot/auth.go | 35 ++++++++++++++++++++--------------- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 2c31224..eed3f39 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,13 @@ beginning with that prefix up to the `/`. For example a token valid for Query parameters (e.g, ``/foo?query-param`) and hostnames do not contribute to the MAC, only the path part of the URI. +If your websockets client does not support HTTP authentication, you can pass the +token as a parameter named "auth": + +``` +https://hookbot.scraperwiki.com/pub/foo/bar?auth=2e1150434ba1d8c33bce7c82ee08b5d9850342c7 +``` + Wider scope for publication keys -------------------------------- diff --git a/pkg/hookbot/auth.go b/pkg/hookbot/auth.go index 6e709d4..13325dc 100644 --- a/pkg/hookbot/auth.go +++ b/pkg/hookbot/auth.go @@ -43,26 +43,31 @@ func (h *Hookbot) IsKeyOK(w http.ResponseWriter, r *http.Request) bool { authorization := r.Header.Get("Authorization") fields := strings.Fields(authorization) - if len(fields) != 2 { - return false - } - - authType, givenKey := fields[0], fields[1] - var givenMac string - switch strings.ToLower(authType) { - default: - return false // Not understood - case "basic": - var ok bool - givenMac, _, ok = r.BasicAuth() - if !ok { + if len(fields) != 2 { + authParam := r.URL.Query()["auth"] + if len(authParam) != 1 { return false } + givenMac = authParam[0] + } else { + + authType, givenKey := fields[0], fields[1] + + switch strings.ToLower(authType) { + default: + return false // Not understood + case "basic": + var ok bool + givenMac, _, ok = r.BasicAuth() + if !ok { + return false + } - case "bearer": - givenMac = givenKey // No processing required + case "bearer": + givenMac = givenKey // No processing required + } } // Try all subpaths and see if any of them matches the given MAC.