auth token check

2024-09-11 17:51:56 +02:00 · 2024-09-11 17:51:56 +02:00 · c61d648294
commit c61d648294
parent 630803246c
1 changed files with 11 additions and 0 deletions
--- a/gitea-events-rabbitmq-publisher/main.go
+++ b/gitea-events-rabbitmq-publisher/main.go
@ -324,15 +324,18 @@ func parseRequestJSONOrg(reqType string, data []byte) (org *common.Organization,

 func main() {
 	var listenAddr string
+	var reqBearerToken string

 	flag.BoolVar(&DebugMode, "debug", false, "enables debugging messages")
 	flag.StringVar(&listenAddr, "listen", ListenAddrDef, "HTTP listen socket address for webhook events")
 	flag.StringVar(&topicScope, "topic-domain", DefTopicDomain, "Default domain for RabbitMQ topics")
+	flag.StringVar(&reqBearerToken, "token", "", "HTTP Bearer token to match")
 	flag.Parse()

 	log.Println("Starting....")
 	log.Printf("  * Debugging: %t\n", DebugMode)
 	log.Printf("  * Listening: %s\n", listenAddr)
+	log.Printf("  * Bearer token: %t\n", len(reqBearerToken) > 0)

 	connectToRabbitMQ()

@ -345,6 +348,14 @@ func main() {
 			return
 		}

+		if len(reqBearerToken) > 0 {
+			authToken := req.Header.Get("Authorization")
+			if len(authToken) != len(reqBearerToken)+7 || authToken[0:7] != "Bearer " || authToken[7:] != reqBearerToken {
+				log.Println("Invalid Authorization request...", authToken)
+				res.WriteHeader(http.StatusNetworkAuthenticationRequired)
+			}
+		}
+
 		hdr := req.Header[common.GiteaRequestHeader]
 		if len(hdr) != 1 {
 			res.WriteHeader(http.StatusInternalServerError)