Merge pull request #3 from izqui/webhook-secret

Add webhook secret security measure
2017-06-15 10:03:12 +02:00 · 2017-06-15 10:03:12 +02:00 · 5cb709084d
parent 6678064cc0 5f31785e99
commit 5cb709084d
2 changed files with 4 additions and 2 deletions
--- a/1
+++ b/1
@ -5,3 +5,4 @@ EXPOSE 8080

 ENV NAME autobounty
 ENV STANDARD_BOUNTY 0.001
+ENV WEBHOOK_SECRET test
--- a/index.js
+++ b/index.js
@ -4,7 +4,7 @@
 * awards that bounty to the address posted earlier in the thread (by the
 * commiteth bot).
 * TODO tests
- * REVIEW parsing, non-persisting storage of addresses, hardcoded string length. 
+ * REVIEW parsing, non-persisting storage of addresses, hardcoded string length.
 * Depends on commiteth version as of 2017-06-10.
 */

@ -14,6 +14,7 @@ const Eth = require('ethjs-query');

 const address = process.env.ADDRESS;
 const name = process.env.NAME;
+const webhook_secret = process.env.WEBHOOK_SECRET;

 const provider = new SignerProvider(process.env.NODE, {
  signTransaction: (rawTx, cb) => cb(null, sign(rawTx, process.env.KEY)),
@ -33,7 +34,7 @@ app.use(cors());
 var issueData = {};

 // Receive a POST request at the address specified by an env. var.
-app.post('/' + address.toString(), jsonParser, function(req, res, next){
+app.post(`/comment/${webhook_secret}`, jsonParser, function(req, res, next){
  if (!req.body)
    return res.sendStatus(400);
  var commentBody = req.body.comment.body;