Add signature for subscribers with secrets

Peter Stuifzand 2018-01-30 21:23:11 +01:00
parent bde593b909
commit 1890431f4e


@ -1,6 +1,8 @@
package main package main
import ( import (
"crypto/hmac"
"crypto/sha1"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -26,6 +28,7 @@ func randStringBytes(n int) string {
type Subscriber struct { type Subscriber struct {
Callback string Callback string
LeaseSeconds int64 LeaseSeconds int64
Secret string
} }
type subscriptionHandler struct { type subscriptionHandler struct {
@ -41,10 +44,13 @@ func (handler *subscriptionHandler) handlePublish(w http.ResponseWriter, r *http
if err != nil { if err != nil {
return err return err
} }
defer res.Body.Close()
feedContent, err := ioutil.ReadAll(res.Body)
if subs, e := handler.Subscribers[topic]; e { if subs, e := handler.Subscribers[topic]; e {
for _, sub := range subs { for _, sub := range subs {
req, err := http.NewRequest("POST", sub.Callback, res.Body) req, err := http.NewRequest("POST", sub.Callback, nil)
if err != nil { if err != nil {
log.Printf("While creating request to %s: %s", sub.Callback, err) log.Printf("While creating request to %s: %s", sub.Callback, err)
continue continue
@ -56,6 +62,12 @@ func (handler *subscriptionHandler) handlePublish(w http.ResponseWriter, r *http
"https://hub.stuifzandapp.com/", "https://hub.stuifzandapp.com/",
topic, topic,
)) ))
if sub.Secret != "" {
mac := hmac.New(sha1.New, []byte(sub.Secret))
mac.Write(feedContent)
signature := mac.Sum(nil)
req.Header.Add("X-Hub-Signature", fmt.Sprintf("sha1=%s", signature))
}
res, err = client.Do(req) res, err = client.Do(req)
if err != nil { if err != nil {
log.Printf("While POSTing to %s: %s", sub.Callback, err) log.Printf("While POSTing to %s: %s", sub.Callback, err)
@ -78,7 +90,7 @@ func (handler *subscriptionHandler) handleSubscription(w http.ResponseWriter, r
return nil return nil
} }
//secret := r.Form.Get("hub.secret") secret := r.Form.Get("hub.secret")
callbackURL, err := url.Parse(callback) callbackURL, err := url.Parse(callback)
if err != nil { if err != nil {
return err return err
@ -107,7 +119,7 @@ func (handler *subscriptionHandler) handleSubscription(w http.ResponseWriter, r
if validateURL(validationURL.String(), ourChallenge) { if validateURL(validationURL.String(), ourChallenge) {
// challenge accepted // challenge accepted
handler.addSubscriberCallback(topicURL.String(), Subscriber{callbackURL.String(), leaseSeconds}) handler.addSubscriberCallback(topicURL.String(), Subscriber{callbackURL.String(), leaseSeconds, secret})
} }
}() }()
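Review bot: The `X-Hub-Signature` value added in handlePublish is formatted with `%s` on the raw `mac.Sum(nil)` bytes, so the header carries 20 binary bytes instead of the hexadecimal digest a subscriber computes and compares against; `req.Header.Add("X-Hub-Signature", fmt.Sprintf("sha1=%x", signature))` gives the expected form. In the same function the request is now created with a `nil` body and none of the visible lines attach `feedContent`, so unless the lines hidden between the hunks set it, each subscriber receives an empty POST with a signature over content it never got; `req, err := http.NewRequest("POST", sub.Callback, bytes.NewReader(feedContent))` (plus a `bytes` import) would send a fresh reader per subscriber. The error returned by `ioutil.ReadAll(res.Body)` is not checked before the loop, so a truncated fetch would be signed and distributed as if it were complete. Both handlePublish and handleSubscription continue outside the hunks shown, so these points should be confirmed against the full file.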