Cameron Moore
a03e812615
Update HTTP methods to sanitize user input
2019-12-26 14:54:27 -06:00
Cameron Moore
c38778ba62
Add HTTP methods cli parameter
...
Allows to globally restrict HTTP methods.
Fixes #248
2019-12-26 14:54:27 -06:00
Cameron Moore
3414f34025
Add per-hook HTTP method restrictions
2019-12-26 14:54:01 -06:00
Adnan Hajdarević
66562fdb41
Merge pull request #379 from moorereason/feature/drop-privs
...
Add setuid and setgid options for dropping privileges
2019-12-26 20:48:07 +01:00
Cameron Moore
77159d9db6
Add setuid & setgid options
...
Only applicable on unix systems, although Go doesn't support Linux at
this time.
2019-12-26 10:30:31 -06:00
Cameron Moore
35d1cedc24
Rewrite server to use explicit listener
2019-12-26 10:29:14 -06:00
Adnan Hajdarević
f38dfbbf78
Merge pull request #373 from moorereason/feature/multipart
...
Add multipart form data support
2019-12-26 12:46:31 +01:00
Adnan Hajdarević
78b0610218
Merge pull request #378 from moorereason/feature/sighup
...
Add SIGHUP support
2019-12-26 12:46:12 +01:00
Cameron Moore
c6c270c7dd
Add SIGHUP support
...
Fixes #352
2019-12-25 14:10:57 -06:00
Cameron Moore
1c779a0d75
Update multipart form data logic
...
All form values are simply added to the payload map without processing.
JSON parsing of values happens later.
2019-12-25 09:08:23 -06:00
Cameron Moore
8702b37430
Add multipart form data examples
2019-12-25 09:05:15 -06:00
Cameron Moore
5b4e60e7d7
Add multipart form data section to README
2019-12-25 09:05:15 -06:00
Cameron Moore
93632d077c
Add multipart form data support
2019-12-25 09:05:15 -06:00
Adnan Hajdarević
cc5cbae14f
Merge pull request #376 from moorereason/feature/xml
...
Add XML payload support
2019-12-25 08:32:09 +01:00
Cameron Moore
779ff0ad10
Fix XML error message
2019-12-24 19:47:21 -06:00
Adnan Hajdarević
d8bd2662ff
Merge pull request #375 from moorereason/feature/gorilla-only
...
Use gorilla/mux for middleware and extend
2019-12-24 23:21:01 +01:00
Cameron Moore
28e0012470
Update XML docs
2019-12-24 16:09:55 -06:00
Cameron Moore
3463804a7c
Add XML payload support
...
Fixes #238
2019-12-24 15:58:49 -06:00
Cameron Moore
3f4520da67
Require Go 1.13+
2019-12-24 14:56:01 -06:00
Cameron Moore
be815d0a41
Use gorilla/mux for middleware and extend
...
- Use gorilla/mux for middleware.
- Add Dumper, RequestID, and Logger middlewares.
- Add makeURL helper
2019-12-24 11:57:26 -06:00
Adnan Hajdarević
93ce24d3f3
Merge pull request #371 from moorereason/feature/internal-hook
...
Make hook package internal
2019-12-23 09:34:48 +01:00
Cameron Moore
40d9dcd6d4
Make hook package internal
...
The hook package API is not meant for public consumption.
2019-12-21 11:55:42 -06:00
Adnan Hajdarević
c872aae7e8
Merge pull request #369 from moorereason/feature/gofrs-uuid
...
Use gofrs/uuid instead of satori/go.uuid
2019-12-19 07:52:43 +01:00
Cameron Moore
8ff3848ea3
Use gofrs/uuid instead of satori/go.uuid
...
The satori package appears to be unmaintained. The gofrs package is a
fork that is actively maintained by a larger group of Go developers.
2019-12-18 21:17:13 -06:00
Adnan Hajdarević
7b87d6092f
Merge pull request #368 from moorereason/feature/go-mod
...
Use Go modules
2019-12-18 10:52:56 +01:00
Cameron Moore
669414ca70
Use Go modules
...
Fixes #367
2019-12-17 12:34:59 -06:00
Adnan Hajdarevic
8fe6c9a05d
Update version to 2.6.11
2019-12-15 14:30:54 +01:00
Adnan Hajdarević
7c4e6e94fc
Merge pull request #365 from moorereason/feature/364-constant-time
...
Use constant time string compare for match value
2019-12-11 07:06:12 +01:00
Cameron Moore
31e76bcd00
Use constant time string compare for match value
...
Fixes #364
2019-12-10 22:22:13 -06:00
Adnan Hajdarević
c47c06e822
Merge pull request #363 from moorereason/feature/arm64-travisci
...
Add arm64 to Travis CI
2019-12-10 00:23:38 +01:00
Cameron Moore
bf3d042da6
Use master instead of tip
2019-12-09 16:57:55 -06:00
Cameron Moore
d05911cdcb
Add arm64 to Travis CI
2019-12-09 16:50:19 -06:00
Adnan Hajdarević
634ca84807
Merge pull request #362 from moorereason/feature/cipher-suites
...
Feature/cipher suites
2019-12-09 21:52:25 +01:00
Cameron Moore
8c46a8343b
Document minimum Go release
2019-12-05 17:01:38 -06:00
Cameron Moore
13d5630e80
Update docs for TLS version and cipher suite options
2019-12-03 21:36:14 -06:00
Cameron Moore
f1003560f1
Add list cipher suites support
2019-12-03 21:35:16 -06:00
Cameron Moore
997db04b9f
Require Go 1.12 or newer
...
Go 1.11 does not support TLS 1.3. To simplify cipher suite selection,
we now require at least Go 1.12.
2019-12-03 21:31:23 -06:00
Cameron Moore
769e743563
Add missing files
2019-12-03 15:21:18 -06:00
Cameron Moore
43f519a712
Add TLS version and cipher suites options
...
Default to TLS 1.2 and secure cipher suites.
Built for Go 1.13. Code in cipher_suites.go taken from Go tip commit
0ee22d9, which is scheduled for the upcoming Go 1.14 release. Once Go
1.14 is released, we can remove this file and use the stdlib.
Fixes #244
2019-12-03 15:13:12 -06:00
Adnan Hajdarević
a617b1a6ac
Merge pull request #361 from adnanh/feature/check-payload-hash-sha512
...
Add SHA512 payload check rule
2019-12-02 22:34:07 +01:00
Adnan Hajdarević
9117f4f6d6
Merge pull request #360 from adnanh/improvement/content-type-based-payload-parsing
...
Fix invalid assumption that multipart forms can be parsed in te same way as urlencoded forms.
2019-12-02 22:33:45 +01:00
Adnan Hajdarevic
b53996f175
Add tests for SHA512 payload hash check rule.
2019-12-02 19:49:56 +01:00
Adnan Hajdarevic
154177e46a
Add documentation for SHA512 payload hash check rule.
2019-12-02 19:49:34 +01:00
Adnan Hajdarevic
d4e98281d7
Add SHA512 payload check rule.
2019-12-02 19:48:59 +01:00
Adnan Hajdarevic
ce186487f4
Format the file using go fmt
.
2019-12-02 19:03:38 +01:00
Adnan Hajdarevic
1110f82443
Add test for unsupported content type error message.
2019-12-02 19:01:20 +01:00
Adnan Hajdarevic
a99abd4e6f
Fix invalid assumption in code that multipart forms can be parsed in the same way as urlencoded forms.
...
Refactored code to use switch-case statement over the `Content-Type` header and log unsupported content types instead of silently failing.
Also made the `x-www-form-urlencoded` content type handler more specific (as opposed to the previous code which looked for `form` occurence in the value),
as we need to use different logic for multipart forms, which we'll hopefully implement soon.
The issue with multipart forms that we have to handle first is that the files are being written to temporary files, and as such, for async hooks
webhook cannot guarantee they'll be available after we close the request; that, and the fact that we don't have code that will properly serialize
and pass such Golang objects to the script, as there are several fields which might be interesting to the end user.
2019-12-02 18:49:24 +01:00
Adnan Hajdarevic
34ae132930
Bump webhook version to 2.6.10
2019-09-24 19:45:40 +02:00
Adnan Hajdarevic
f993aaa11c
Merge branch 'master' into development
2019-09-24 19:35:31 +02:00
Adnan Hajdarević
d82e838554
Merge pull request #342 from moorereason/doc-content-type
...
Document incoming-payload-content-type hook setting
2019-09-21 11:50:46 +02:00