mirror of
https://github.com/ncarlier/webhookd.git
synced 2025-04-07 21:47:09 +00:00
37 lines
948 B
Go
37 lines
948 B
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/go-fed/httpsig"
|
|
"github.com/ncarlier/webhookd/pkg/pubkey"
|
|
)
|
|
|
|
// HTTPSignature is a middleware to checks HTTP request signature
|
|
func HTTPSignature(trustStore pubkey.TrustStore) Middleware {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
verifier, err := httpsig.NewVerifier(r)
|
|
if err != nil {
|
|
w.WriteHeader(400)
|
|
w.Write([]byte("invalid HTTP signature: " + err.Error()))
|
|
return
|
|
}
|
|
pubKeyID := verifier.KeyId()
|
|
entry := trustStore.Get(pubKeyID)
|
|
if entry == nil {
|
|
w.WriteHeader(400)
|
|
w.Write([]byte("invalid HTTP signature: public key not found: " + pubKeyID))
|
|
return
|
|
}
|
|
err = verifier.Verify(entry.Pubkey, entry.Algorithm)
|
|
if err != nil {
|
|
w.WriteHeader(400)
|
|
w.Write([]byte("invalid HTTP signature: " + err.Error()))
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|