| @@ -52,12 +52,41 @@ module Agents | ||
| 52 | 52 |        secret = params.delete('secret') | 
| 53 | 53 | return ["Not Authorized", 401] unless secret == options['secret'] | 
| 54 | 54 |  | 
| 55 | + # check the verbs | |
| 56 | +      # verbs = (interpolated['verbs'] || 'post').split(/,/).map { |x| x.strip.downcase }.select { |x| x.present? } | |
| 57 | +      # return ["Please use #{verbs.join('/').upcase} requests only", 401] unless verbs.include?(method) | |
| 58 | + | |
| 59 | + # check the reCAPTCHA response if required | |
| 60 | + if recaptcha_secret = interpolated['recaptcha_secret'].presence | |
| 61 | +        recaptcha_response = params.delete('g-recaptcha-response') or | |
| 62 | + return ["Not Authorized", 401] | |
| 63 | + | |
| 64 | +        parameters = { | |
| 65 | + secret: recaptcha_secret, | |
| 66 | + response: recaptcha_response, | |
| 67 | + } | |
| 68 | + | |
| 69 | + if boolify(interpolated['recaptcha_send_remote_addr']) | |
| 70 | + parameters[:remoteip] = request.env['REMOTE_ADDR'] | |
| 71 | + end | |
| 72 | + | |
| 73 | + begin | |
| 74 | +          response = faraday.post('https://www.google.com/recaptcha/api/siteverify', | |
| 75 | + parameters) | |
| 76 | + rescue => e | |
| 77 | +          error "Verification failed: #{e.message}" | |
| 78 | + return ["Not Authorized", 401] | |
| 79 | + end | |
| 80 | + | |
| 81 | + JSON.parse(response.body)['success'] or | |
| 82 | + return ["Not Authorized", 401] | |
| 83 | + end | |
| 55 | 84 |  | 
| 56 | 85 | [payload_for(params)].flatten.each do |payload| | 
| 57 | 86 | create_event(payload: payload) | 
| 58 | 87 | end | 
| 59 | 88 |  | 
| 60 | - [response_message, 201] | |
| 89 | + [response_message, 200] | |
| 61 | 90 | end | 
| 62 | 91 |  | 
| 63 | 92 | def working? |
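Review bot: The `JSON.parse(response.body)['success']` check on new line 81 sits outside the `begin`/`rescue`, so a siteverify reply that is not JSON (an HTML error page, an empty body) raises past the handler instead of returning the 401 that the network-failure path returns. Moving the parse inside the `begin` block and requiring the literal boolean, e.g. `JSON.parse(response.body)['success'] == true or return ["Not Authorized", 401]`, keeps every verification failure on the same fail-closed path and stops any merely truthy value from passing. On new line 70, `request.env['REMOTE_ADDR']` is likely the proxy's address when the app runs behind a reverse proxy, so the `remoteip` sent to the verifier may not be the client's; this is worth confirming against the deployment. The enclosing method starts above the hunk, so how `faraday` is configured (timeouts in particular) is not visible here.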