mirror of
https://github.com/adnanh/webhook.git
synced 2025-05-23 13:52:29 +00:00
Add TLS version and cipher suites options
Default to TLS 1.2 and secure cipher suites. Built for Go 1.13. Code in cipher_suites.go taken from Go tip commit 0ee22d9, which is scheduled for the upcoming Go 1.14 release. Once Go 1.14 is released, we can remove this file and use the stdlib. Fixes #244
This commit is contained in:
Cameron Moore
parent
a617b1a6ac
commit
43f519a712
1 changed files with 19 additions and 7 deletions
26
webhook.go
26
webhook.go
|
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
|
|
@ -18,7 +19,7 @@ import (
|
|||
|
||||
"github.com/codegangsta/negroni"
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/satori/go.uuid"
|
||||
uuid "github.com/satori/go.uuid"
|
||||
|
||||
fsnotify "gopkg.in/fsnotify.v1"
|
||||
)
|
||||
|
|
@ -39,6 +40,8 @@ var (
|
|||
cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
|
||||
key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
|
||||
justDisplayVersion = flag.Bool("version", false, "display webhook version and quit")
|
||||
tlsMinVersion = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)")
|
||||
tlsCipherSuites = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites")
|
||||
|
||||
responseHeaders hook.ResponseHeaders
|
||||
hooksFiles hook.HooksFiles
|
||||
|
|
@ -194,18 +197,28 @@ func main() {
|
|||
|
||||
n.UseHandler(router)
|
||||
|
||||
if *secure {
|
||||
log.Printf("serving hooks on https://%s:%d%s", *ip, *port, hooksURL)
|
||||
log.Fatal(http.ListenAndServeTLS(fmt.Sprintf("%s:%d", *ip, *port), *cert, *key, n))
|
||||
} else {
|
||||
if !*secure {
|
||||
log.Printf("serving hooks on http://%s:%d%s", *ip, *port, hooksURL)
|
||||
log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", *ip, *port), n))
|
||||
}
|
||||
|
||||
svr := &http.Server{
|
||||
Addr: fmt.Sprintf("%s:%d", *ip, *port),
|
||||
Handler: n,
|
||||
TLSConfig: &tls.Config{
|
||||
CipherSuites: getTLSCipherSuites(*tlsCipherSuites),
|
||||
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
|
||||
MinVersion: getTLSMinVersion(*tlsMinVersion),
|
||||
PreferServerCipherSuites: true,
|
||||
},
|
||||
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0), // disable http/2
|
||||
}
|
||||
|
||||
log.Printf("serving hooks on https://%s:%d%s", *ip, *port, hooksURL)
|
||||
log.Fatal(svr.ListenAndServeTLS(*cert, *key))
|
||||
}
|
||||
|
||||
func hookHandler(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// generate a request id for logging
|
||||
rid := uuid.NewV4().String()[:6]
|
||||
|
||||
|
|
@ -246,7 +259,6 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
|
|||
decoder.UseNumber()
|
||||
|
||||
err := decoder.Decode(&payload)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("[%s] error parsing JSON payload %+v\n", rid, err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue