From 5f31785e9972bf33b57d3a1e33cc6fd8d925e8c4 Mon Sep 17 00:00:00 2001
From: Jorge Izquierdo
Date: Wed, 14 Jun 2017 14:34:26 +0200
Subject: [PATCH] Add webhook secret security measure
---
 Dockerfile | 1 +
 index.js | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9c69de5..fe504b2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,3 +5,4 @@ EXPOSE 8080
 ENV NAME autobounty
 ENV STANDARD_BOUNTY 0.001
+ENV WEBHOOK_SECRET test
diff --git a/index.js b/index.js
index 5d1f62d..f3a432a 100644
--- a/index.js
+++ b/index.js
@@ -4,7 +4,7 @@
 * awards that bounty to the address posted earlier in the thread (by the
 * commiteth bot).
 * TODO tests
- * REVIEW parsing, non-persisting storage of addresses, hardcoded string length.
+ * REVIEW parsing, non-persisting storage of addresses, hardcoded string length.
 * Depends on commiteth version as of 2017-06-10.
 */
@@ -14,6 +14,7 @@ const Eth = require('ethjs-query');
 const address = process.env.ADDRESS;
 const name = process.env.NAME;
+const webhook_secret = process.env.WEBHOOK_SECRET;
 const provider = new SignerProvider(process.env.NODE, {
 signTransaction: (rawTx, cb) => cb(null, sign(rawTx, process.env.KEY)),
@@ -33,7 +34,7 @@ app.use(cors());
 var issueData = {};
 // Receive a POST request at the address specified by an env. var.
-app.post('/' + address.toString(), jsonParser, function(req, res, next){
+app.post(`/comment/${webhook_secret}`, jsonParser, function(req, res, next){
 if (!req.body) return res.sendStatus(400);
 var commentBody = req.body.comment.body;
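Review bot: `ENV WEBHOOK_SECRET test` bakes a guessable default secret into the image, so any deployment that does not override it serves the webhook at `/comment/test`, the route this same commit adds in index.js. A value set with `ENV` also stays readable in the image's metadata and history for anyone who can pull the image. I would drop this line and supply the secret only at run time, for example `docker run -e WEBHOOK_SECRET=<value>`, so that no working default exists.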
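Review bot: `webhook_secret` is read from the environment with no check, so when WEBHOOK_SECRET is unset the route added later in this commit becomes the literal path `/comment/undefined`, and an empty value gives `/comment/`. A startup guard right after the assignment would fail closed instead: `if (!webhook_secret) throw new Error('WEBHOOK_SECRET must be set');`. The surrounding setup code starts and ends outside the hunk.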
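Review bot: Putting the secret in the route path (`/comment/${webhook_secret}`) exposes it wherever request URLs are recorded, such as reverse-proxy and access logs and the sender's webhook settings, and it is checked by ordinary route matching rather than a constant-time comparison. The payload shape (`req.body.comment.body`) suggests a GitHub issue-comment webhook; if that is the sender, a fixed path plus verification of the `X-Hub-Signature-256` HMAC over the raw request body keeps the secret out of the URL, as sketched below. The sketch relies on Node's built-in `crypto` module and on the raw body being captured when `jsonParser` is created, which happens outside this hunk; the handler body also continues past the end of the hunk.

```javascript
// assumes jsonParser was built with a verify hook that stores the raw bytes on req.rawBody (TODO confirm)
app.post('/comment', jsonParser, function(req, res, next){
  const sent = Buffer.from(req.get('X-Hub-Signature-256') || '');
  const want = Buffer.from('sha256=' + crypto.createHmac('sha256', webhook_secret).update(req.rawBody).digest('hex'));
  // length check first: timingSafeEqual throws on buffers of different length
  if (sent.length !== want.length || !crypto.timingSafeEqual(sent, want)) return res.sendStatus(401);
  // … unchanged: req.body check and comment parsing …
```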