Add X-Signature-Ed25519 support

Question

Add X-Signature-Ed25519 support

simoniz0r opened this issue 2 years ago · comments

~~Sorry if the title is a little unclear, but I couldn't think of a better way to describe this.~~

Basically, I would like to be able to set the HTTP response with the shell's exit codes. Shell exit codes don't go high enough to handle all of the HTTP response codes, so I think the easiest way to deal with that would be to simply insert a 0 in the middle of the shell's exit code. So, if my program exits with a code of 24, the HTTP response code would be 204. If my program exits with a code of 41, the HTTP response code would be 401. A 0 exit code could probably be an HTTP response code of 200, and any exit codes that would result in an invalid HTTP response could probably just be HTTP response code 400 or something like that.

My reasoning behind this is that I would like to use webhookd as an easy way to setup a Discord bot that would receive its interactions via the outgoing webhook option provided by Discord. In order to do this, I would need to be able to respond to some requests with a HTTP response code of 401 if the signature in the header doesn't pass validation as described here.

Thank you for all of the work you've put into webhookd!

:EDIT: Original idea not feasible, changed to request X-Signature-Ed25519 support instead.

Regarding your "reasoning behind this" it's maybe another story. Webhookd currently supports HTTP Signature. I could add X-Signature-Ed25519 support, so Webhookd would be compatible with Discord (and other services using this type of signature). Would this fulfill your initial need?

Nicolas Carlier · Answer 1 · Tue Dec 27 2022 16:38:25 GMT+0800 (China Standard Time)

Hello, thank you for your interest in this project.
I understand the need but it is hardly feasible. The script execution is returned in real time by Webhookd using a streamed HTTP response. Actually, the HTTP code is already sent before the script execution starts.
In order to handle the HTTP response code, Webhookd must execute the script, block the response until the script is complete, and send the response code for the result.
If you need this kind of control, I suggest you use a CGI Module.

Regarding your "reasoning behind this" it's maybe another story. Webhookd currently supports HTTP Signature. I could add X-Signature-Ed25519 support, so Webhookd would be compatible with Discord (and other services using this type of signature). Would this fulfill your initial need?

Syretia · Answer 2 · Wed Dec 28 2022 16:06:41 GMT+0800 (China Standard Time)

That would probably work, yes.

Nicolas Carlier · Answer 3 · Fri Dec 30 2022 01:24:10 GMT+0800 (China Standard Time)

The Ed25519 signature method is now supported. Can you tell me if it works well with Discord?

Syretia · Answer 4 · Fri Dec 30 2022 16:12:55 GMT+0800 (China Standard Time)

Thanks for the quick turnaround; I will test it this weekend!