Merge pull request #161 from reload/harden

Harden code against potential nil panics
reload · Nov 25, 2023 · 78fda1c · 78fda1c
2 parents 4846ba4 + 0039b98
commit 78fda1c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/function.go b/function.go
@@ -22,7 +22,8 @@ func Handle(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 
-	if !isAuthorized(r.URL.Query().Get("token")) {
+	query := r.URL.Query()
+	if (query == nil) || !isAuthorized(query.Get("token")) {
 		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 
 		return
@@ -51,16 +52,15 @@ func Handle(w http.ResponseWriter, r *http.Request) {
 	}
 
 	event, err := webhook.ParseEvent(payload)
-
-	log.Printf("Processing DNSimple event with request ID %q", event.RequestID)
-
 	if err != nil {
 		log.Printf("Could not parse webhook name: %s", err.Error())
 		notify.Send(fmt.Sprintf("Could not parse webhook name: %s", err.Error()), nil)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 
+	log.Printf("Processing DNSimple event with request ID %q", event.RequestID)
+
 	if event.Name != "dnssec.rotation_start" && event.Name != "dnssec.rotation_complete" {
 		log.Printf("Not a rotation event: %s", event.Name)
 		// It's OK if this is not a DNSSEC rotation event. We