Compare commits
2 Commits
293031fe38
...
2d8807685c
| Author | SHA1 | Date | |
|---|---|---|---|
|
2d8807685c | ||
|
|
716f0e528b |
23
cmd/reqecho/main.go
Normal file
23
cmd/reqecho/main.go
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httputil"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
http.ListenAndServe(":3369", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
b, err := httputil.DumpRequest(r, true)
|
||||||
|
fmt.Printf("%v\n%s\n\n", err, b)
|
||||||
|
f, err := os.Create("prev.txt")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
if _, err := f.Write(b); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
os.Exit(0)
|
||||||
|
}))
|
||||||
|
}
|
||||||
55
twitch/webhook.go
Normal file
55
twitch/webhook.go
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
package twitch
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/rand"
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/hex"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ErrVerificationFailed is the error returned when a webhook request does not
|
||||||
|
// verify correctly.
|
||||||
|
var ErrVerificationFailed = errors.New("Twitch webhook verification failed") //lint:ignore ST1005 Twitch is a proper noun
|
||||||
|
|
||||||
|
// Receive verifies a Twitch webhook request against the given secret
|
||||||
|
// and appends the request body to b.
|
||||||
|
// The maximum allowed request length is 1 MB.
|
||||||
|
func Receive(b, secret []byte, req *http.Request) ([]byte, error) {
|
||||||
|
r := io.LimitReader(req.Body, 1<<20)
|
||||||
|
w := bytes.NewBuffer(b)
|
||||||
|
if _, err := io.Copy(w, r); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
b = w.Bytes()
|
||||||
|
|
||||||
|
h := hmac.New(sha256.New, secret)
|
||||||
|
io.WriteString(h, req.Header.Get("Twitch-Eventsub-Message-Id"))
|
||||||
|
io.WriteString(h, req.Header.Get("Twitch-Eventsub-Message-Timestamp"))
|
||||||
|
h.Write(b)
|
||||||
|
want := make([]byte, 0, len("sha256=")+sha256.Size*2)
|
||||||
|
want = append(want, "sha256="...)
|
||||||
|
sum := h.Sum(make([]byte, 0, sha256.Size))
|
||||||
|
want = hex.AppendEncode(want, sum)
|
||||||
|
|
||||||
|
got := req.Header.Get("Twitch-Eventsub-Message-Signature")
|
||||||
|
if !hmac.Equal(want, []byte(got)) {
|
||||||
|
fmt.Printf("req message id: %q\n", req.Header.Get("Twitch-Eventsub-Message-Id"))
|
||||||
|
fmt.Printf("req timestamp: %q\n", req.Header.Get("Twitch-Eventsub-Message-Timestamp"))
|
||||||
|
fmt.Printf("req body: %q\n", b)
|
||||||
|
return nil, fmt.Errorf("%w: computed %q, header has %q", ErrVerificationFailed, want, got)
|
||||||
|
}
|
||||||
|
return b, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Secret returns a process-wide secret for webhook subscriptions.
|
||||||
|
var Secret = sync.OnceValue(func() []byte {
|
||||||
|
b := make([]byte, 32)
|
||||||
|
rand.Read(b)
|
||||||
|
return hex.AppendEncode(make([]byte, 0, 64), b)
|
||||||
|
})
|
||||||
50
twitch/webhook_test.go
Normal file
50
twitch/webhook_test.go
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
package twitch_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"git.sunturtle.xyz/zephyr/kaiyan/twitch"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestReceive(t *testing.T) {
|
||||||
|
// Request generated by Twitch CLI using "gotohhitori" as the secret.
|
||||||
|
// This should pass.
|
||||||
|
body := `{"subscription":{"id":"0dd34bc7-6631-b1d8-4306-18a49c3b3ba8","status":"enabled","type":"user.authorization.grant","version":"1","condition":{"client_id":"689a99bb72fc9d068f7089ab1c8104"},"transport":{"method":"webhook","callback":"null"},"created_at":"2025-04-08T16:54:43.7141633Z","cost":1},"event":{"user_id":"16396008","user_login":"testFromUser","user_name":"testFromUser","client_id":"689a99bb72fc9d068f7089ab1c8104"}}`
|
||||||
|
req := httptest.NewRequest("POST", "http://bocchi.rocks/", strings.NewReader(body))
|
||||||
|
header := map[string]string{
|
||||||
|
"Accept-Encoding": "gzip",
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
"Twitch-Eventsub-Message-Id": "7d5c6ab3-74a3-3583-b0c1-d33ca5490910",
|
||||||
|
"Twitch-Eventsub-Message-Retry": "0",
|
||||||
|
"Twitch-Eventsub-Message-Signature": "sha256=2f409c88eb8e8515f22b2bfb50dc97f6ff3fde7986d3a6013030e55840e5c8b8",
|
||||||
|
"Twitch-Eventsub-Message-Timestamp": "2025-04-08T16:54:43.7141633Z",
|
||||||
|
"Twitch-Eventsub-Message-Type": "notification",
|
||||||
|
"Twitch-Eventsub-Subscription-Type": "user.authorization.grant",
|
||||||
|
"Twitch-Eventsub-Subscription-Version": "1",
|
||||||
|
"User-Agent": "twitch-cli/source",
|
||||||
|
}
|
||||||
|
for k, v := range header {
|
||||||
|
req.Header.Set(k, v)
|
||||||
|
}
|
||||||
|
got, err := twitch.Receive(nil, []byte("gotohhitori"), req)
|
||||||
|
if err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
if string(got) != body {
|
||||||
|
t.Errorf("wrong body:\nwant %q\ngot %q", body, got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSecret(t *testing.T) {
|
||||||
|
got := twitch.Secret()
|
||||||
|
if len(got) < 10 || len(got) > 100 {
|
||||||
|
t.Errorf("secret has invalid length %d", len(got))
|
||||||
|
}
|
||||||
|
for _, c := range got {
|
||||||
|
if c < 0x20 || c > 0x7f {
|
||||||
|
t.Errorf("secret contains invalid character %q", rune(c))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user