mirrors/webhook
1
0
Fork 0
mirror of https://github.com/adnanh/webhook.git synced 2025-05-23 13:52:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add TLS version and cipher suites options

Browse source 
Default to TLS 1.2 and secure cipher suites.

Built for Go 1.13. Code in cipher_suites.go taken from Go tip commit
0ee22d9, which is scheduled for the upcoming Go 1.14 release.  Once Go
1.14 is released, we can remove this file and use the stdlib.

Fixes #244
This commit is contained in:
Cameron Moore 2019-12-03 15:13:12 -06:00
parent a617b1a6ac
commit 43f519a712
1 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

26
webhook.go
View file

@ -1,6 +1,7 @@
package main package main
import ( import (
"crypto/tls"
"encoding/json" "encoding/json"
"flag" "flag"
"fmt" "fmt"
@ -18,7 +19,7 @@ import (
"github.com/codegangsta/negroni" "github.com/codegangsta/negroni"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/satori/go.uuid" uuid "github.com/satori/go.uuid"
fsnotify "gopkg.in/fsnotify.v1" fsnotify "gopkg.in/fsnotify.v1"
) )
@ -39,6 +40,8 @@ var (
cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file") cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file") key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
justDisplayVersion = flag.Bool("version", false, "display webhook version and quit") justDisplayVersion = flag.Bool("version", false, "display webhook version and quit")
tlsMinVersion = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)")
tlsCipherSuites = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites")
responseHeaders hook.ResponseHeaders responseHeaders hook.ResponseHeaders
hooksFiles hook.HooksFiles hooksFiles hook.HooksFiles
@ -194,18 +197,28 @@ func main() {
n.UseHandler(router) n.UseHandler(router)
if *secure { if !*secure {
log.Printf("serving hooks on https://%s:%d%s", *ip, *port, hooksURL)
log.Fatal(http.ListenAndServeTLS(fmt.Sprintf("%s:%d", *ip, *port), *cert, *key, n))
} else {
log.Printf("serving hooks on http://%s:%d%s", *ip, *port, hooksURL) log.Printf("serving hooks on http://%s:%d%s", *ip, *port, hooksURL)
log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", *ip, *port), n)) log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", *ip, *port), n))
} }
svr := &http.Server{
Addr: fmt.Sprintf("%s:%d", *ip, *port),
Handler: n,
TLSConfig: &tls.Config{
CipherSuites: getTLSCipherSuites(*tlsCipherSuites),
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
MinVersion: getTLSMinVersion(*tlsMinVersion),
PreferServerCipherSuites: true,
},
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0), // disable http/2
}
log.Printf("serving hooks on https://%s:%d%s", *ip, *port, hooksURL)
log.Fatal(svr.ListenAndServeTLS(*cert, *key))
} }
func hookHandler(w http.ResponseWriter, r *http.Request) { func hookHandler(w http.ResponseWriter, r *http.Request) {
// generate a request id for logging // generate a request id for logging
rid := uuid.NewV4().String()[:6] rid := uuid.NewV4().String()[:6]
@ -246,7 +259,6 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
decoder.UseNumber() decoder.UseNumber()
err := decoder.Decode(&payload) err := decoder.Decode(&payload)
if err != nil { if err != nil {
log.Printf("[%s] error parsing JSON payload %+v\n", rid, err) log.Printf("[%s] error parsing JSON payload %+v\n", rid, err)
} }