
Commit ccf153e

authored
Merge pull request #115 from twitchdev/bugfix/warn-on-secret-length
Error on invalid secret length
2 parents d628aaa + 429af86 commit ccf153e


2 files changed

+44
-29
lines changed


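--- a/cmd/events.go
+++ b/cmd/events.go
@@ -78,7 +78,7 @@ func init() {
 // flags for forwarding functionality/changing payloads
 triggerCmd.Flags().StringVarP(&forwardAddress, "forward-address", "F", "", "Forward address for mock event.")
 triggerCmd.Flags().StringVarP(&transport, "transport", "T", "eventsub", fmt.Sprintf("Preferred transport method for event. Defaults to /EventSub.\nSupported values: %s", events.ValidTransports()))
-triggerCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC.")
+triggerCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length.")
 
 // per-topic flags
 triggerCmd.Flags().StringVarP(&toUser, "to-user", "t", "", "User ID of the receiver of the event. For example, the user that receives a follow. In most contexts, this is the broadcaster.")
@@ -96,13 +96,13 @@ func init() {
 // retrigger flags
 retriggerCmd.Flags().StringVarP(&forwardAddress, "forward-address", "F", "", "Forward address for mock event.")
 retriggerCmd.Flags().StringVarP(&eventID, "id", "i", "", "ID of the event to be refired.")
-retriggerCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC.")
+retriggerCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length.")
 retriggerCmd.MarkFlagRequired("id")
 
 // verify-subscription flags
 verifyCmd.Flags().StringVarP(&forwardAddress, "forward-address", "F", "", "Forward address for mock event.")
 verifyCmd.Flags().StringVarP(&transport, "transport", "T", "eventsub", fmt.Sprintf("Preferred transport method for event. Defaults to EventSub.\nSupported values: %s", events.ValidTransports()))
-verifyCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC.")
+verifyCmd.Flags().StringVarP(&secret, "secret", "s", "", "Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length.")
 verifyCmd.MarkFlagRequired("forward-address")
 }
 
@@ -112,6 +112,11 @@ func triggerCmdRun(cmd *cobra.Command, args []string) {
 return
 }
 
+if secret != "" && (len(secret) < 10 || len(secret) > 100) {
+fmt.Println("Invalid secret provided. Secrets must be between 10-100 characters")
+return
+}
+
 // Validate that the forward address is actually a URL
 if len(forwardAddress) > 0 {
 _, err := url.ParseRequestURI(forwardAddress)
@@ -149,6 +154,11 @@ func triggerCmdRun(cmd *cobra.Command, args []string) {
 }
 
 func retriggerCmdRun(cmd *cobra.Command, args []string) {
+if secret != "" && (len(secret) < 10 || len(secret) > 100) {
+fmt.Println("Invalid secret provided. Secrets must be between 10-100 characters")
+return
+}
+
 res, err := trigger.RefireEvent(eventID, trigger.TriggerParameters{
 ForwardAddress: forwardAddress,
 Secret: secret,
@@ -167,6 +177,11 @@ func verifyCmdRun(cmd *cobra.Command, args []string) {
 return
 }
 
+if secret != "" && (len(secret) < 10 || len(secret) > 100) {
+fmt.Println("Invalid secret provided. Secrets must be between 10-100 characters")
+return
+}
+
 // Validate that the forward address is actually a URL
 if len(forwardAddress) > 0 {
 _, err := url.ParseRequestURI(forwardAddress)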
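Review bot: The secret-length guard added at the top of retriggerCmdRun is pasted verbatim into triggerCmdRun and verifyCmdRun, and in all three `len(secret)` counts bytes while the message and the flag help promise "10-100 characters", so a secret containing multi-byte UTF-8 is measured differently from what the user is told. A single helper keeps the bounds and the wording in one place; if the production endpoint only accepts ASCII secrets (not visible here, worth confirming), that helper is also the place to reject non-ASCII input so locally signed events match what a real subscription would allow. Each command prints the message and returns, so as far as these hunks show a script still sees a successful exit after the rejection. All three function bodies continue outside the hunks.

```go
// validateSecret returns nil when s is empty (signing disabled) or 10-100
// bytes long. len counts bytes, which equals characters only for ASCII.
func validateSecret(s string) error {
	if s == "" {
		return nil
	}
	if n := len(s); n < 10 || n > 100 {
		return fmt.Errorf("invalid secret provided: secrets must be between 10-100 characters")
	}
	return nil
}

func retriggerCmdRun(cmd *cobra.Command, args []string) {
	if err := validateSecret(secret); err != nil {
		fmt.Println(err)
		return
	}
	// … unchanged: trigger.RefireEvent call; same guard replaces the copies in triggerCmdRun and verifyCmdRun …
```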

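--- a/docs/event.md
+++ b/docs/event.md
@@ -57,22 +57,22 @@ Used to either create or send mock events for use with local webhooks testing.
 
 **Flags**
 
-Flag | Shorthand | Description | Example | Required? (Y/N)
----------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------|-----------------
-`--forward-address` | `-F` | Web server address for where to send mock events. | `-F https://localhost:8080` | N
-`--transport` | `-T` | The method used to send events. Default is `eventsub`, but can send using `websub`. | `-T websub` | N
-`--to-user` | `-t` | Denotes the receiver's TUID of the event, usually the broadcaster. | `-t 44635596` | N
-`--from-user` | `-f` | Denotes the sender's TUID of the event, for example the user that follows another user or the subscriber to a broadcaster. | `-f 44635596` | N
-`--gift-user` | `-g` | Used only for subcription-based events, denotes the gifting user ID | `-g 44635596` | N
-`--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC. | `-s testsecret` | N
-`--count` | `-c` | Count of events to fire. This can be used to simulate an influx of events. | `-c 100` | N
-`--anonymous` | `-a` | If the event is anonymous. Only applies to `gift` and `cheer` events. | `-a` | N
-`--status` | `-S` | Status of the event object, currently applies to channel points redemptions. | `-S fulfilled` | N
-`--item-id` | `-i` | Manually set the ID of the event payload item (for example the reward ID in redemption events or game in stream events). | `-i 032e4a6c-4aef-11eb-a9f5-1f703d1f0b92` | N
-`--item-name` | `-n` | Manually set the name of the event payload item (for example the reward ID in redemption events or game name in stream events). | `-n "Science & Technology"` | N
-`--cost` | `-C` | Amount of bits or channel points redeemed/used in the event. | `-C 250` | N
-`--description` | `-d` | Title the stream should be updated/started with. | `-d Awesome new title!` | N
-`--game-id` | `-G` | Game ID for Drop or other relevant events. | `-G 1234` | N
+| Flag | Shorthand | Description | Example | Required? (Y/N) |
+|---------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------|-----------------|
+| `--forward-address` | `-F` | Web server address for where to send mock events. | `-F https://localhost:8080` | N |
+| `--transport` | `-T` | The method used to send events. Default is `eventsub`, but can send using `websub`. | `-T websub` | N |
+| `--to-user` | `-t` | Denotes the receiver's TUID of the event, usually the broadcaster. | `-t 44635596` | N |
+| `--from-user` | `-f` | Denotes the sender's TUID of the event, for example the user that follows another user or the subscriber to a broadcaster. | `-f 44635596` | N |
+| `--gift-user` | `-g` | Used only for subcription-based events, denotes the gifting user ID | `-g 44635596` | N |
+| `--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length. | `-s testsecret` | N |
+| `--count` | `-c` | Count of events to fire. This can be used to simulate an influx of events. | `-c 100` | N |
+| `--anonymous` | `-a` | If the event is anonymous. Only applies to `gift` and `cheer` events. | `-a` | N |
+| `--status` | `-S` | Status of the event object, currently applies to channel points redemptions. | `-S fulfilled` | N |
+| `--item-id` | `-i` | Manually set the ID of the event payload item (for example the reward ID in redemption events or game in stream events). | `-i 032e4a6c-4aef-11eb-a9f5-1f703d1f0b92` | N |
+| `--item-name` | `-n` | Manually set the name of the event payload item (for example the reward ID in redemption events or game name in stream events). | `-n "Science & Technology"` | N |
+| `--cost` | `-C` | Amount of bits or channel points redeemed/used in the event. | `-C 250` | N |
+| `--description` | `-d` | Title the stream should be updated/started with. | `-d Awesome new title!` | N |
+| `--game-id` | `-G` | Game ID for Drop or other relevant events. | `-G 1234` | N |
 
 
 
@@ -106,11 +106,11 @@ None
 
 **Flags**
 
-| Flag | Shorthand | Description | Example | Required? (Y/N) |
-| ------------------- | --------- | ---------------------------------------------------------------------------- | --------------------------- | --------------- |
-| `--forward-address` | `-F` | Web server address for where to send mock events. | `-F https://localhost:8080` | N |
-| `--id` | `-i` | The ID of the event to refire. | `-i <id>` | Y |
-| `--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC. | `-s testsecret` | N |
+| Flag | Shorthand | Description | Example | Required? (Y/N) |
+|---------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|-----------------|
+| `--forward-address` | `-F` | Web server address for where to send mock events. | `-F https://localhost:8080` | N |
+| `--id` | `-i` | The ID of the event to refire. | `-i <id>` | Y |
+| `--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length. | `-s testsecret` | N |
 
 **Examples**
 
@@ -163,11 +163,11 @@ Allows you to test if your webserver responds to subscription requests properly.
 
 **Flags**
 
-| Flag | Shorthand | Description | Example | Required? (Y/N) |
-| ------------------- | --------- | ------------------------------------------------------------------------------- | --------------------------- | --------------- |
-| `--forward-address` | `-F` | Web server address for where to send mock subscription. | `-F https://localhost:8080` | Y |
-| `--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC. | `-s testsecret` | N |
-| `--transport` | `-T` | The method used to send events. Default is eventsub, but can send using websub. | `-T websub` | N |
+| Flag | Shorthand | Description | Example | Required? (Y/N) |
+|---------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|-----------------|
+| `--forward-address` | `-F` | Web server address for where to send mock subscription. | `-F https://localhost:8080` | Y |
+| `--secret` | `-s` | Webhook secret. If defined, signs all forwarded events with the SHA256 HMAC and must be 10-100 characters in length. | `-s testsecret` | N |
+| `--transport` | `-T` | The method used to send events. Default is eventsub, but can send using websub. | `-T websub` | N |
 
 **Examples**
 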