add HMAC validation and comman-line flags (#1)

vbyazilim · Jun 22, 2024 · 52b9651 · 52b9651
1 parent b595212
commit 52b9651
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,10 @@ You can download via;
 ```bash
 $ go install github.com/vbyazilim/basichttpdebugger@latest     # install latest binary
 $ basichttpdebugger                                            # listens at :9000
-$ HOST=":8000" basichttpdebugger                               # listens at :8000
+$ basichttpdebugger -listen ":8000"                            # listens at :8000
+
+# HMAC validation, listens at :8000, check http header name: "X-HEADER-NAME" for HMAC validation.
+$ basichttpdebugger -listen ":8000" -hmac-secret "YOURSECRET" -hmac-header-name "X-HEADER-NAME"
 ```
 
 Clone the repo and run it locally;
@@ -25,15 +28,31 @@ Clone the repo and run it locally;
 $ cd /path/to/go/develompent/
 $ git clone github.com/vbyazilim/basichttpdebugger
 $ cd basichttpdebugger/
-$ go run .                # listens at :9000
-$ HOST=":8000" go run .   # listens at :8000
+$ go run .                  # listens at :9000
+$ go run . -listen ":8000"  # listens at :8000
 
 # or
-$ rake
+$ rake                    # listens at :9000
+$ HOST=":8000" rake       # listens at :8000
+
+# HMAC validation, listens at :8000, check http header name: "X-HEADER-NAME" for HMAC validation.
+$ HOST=":8000" HMAC_SECRET="YOURSECRET" HMAC_HEADER="X-HEADER-NAME" rake
 ```
 
 ---
 
+## Change Log
+
+**2024-06-22**
+
+- remove environment variables from source. only `rake` task requires
+  environment variables
+- add command-line flags: `-listen`, `-hmac-secret`, `-hmac-header-name`,
+  `-h`, `--help`
+- add HMAC validation indicator
+
+---
+
 ## TODO
 
 - Add http form requests support
@@ -46,6 +65,7 @@ $ rake
 ```bash
 $ rake -T
 
+rake                    # runs default task
 rake release[revision]  # release new version major,minor,patch, default: patch
 rake run                # run server (default port 9000)
 ```

diff --git a/Rakefile b/Rakefile
@@ -3,7 +3,16 @@ task :default => [:run]
 desc "run server (default port 9000)"
 task :run do
   host = ENV['HOST'] || ":9000"
-  system %{ HOST=#{host} go run . }
+  secret = ENV['HMAC_SECRET']
+  header = ENV['HMAC_HEADER']
+
+  cmd_args = ["-listen", host]
+  cmd_args << "-hmac-secret" << secret if secret
+  cmd_args << "-hmac-header-name" << header if header
+
+  puts "#{cmd_args}"
+
+  system %{ go run . #{cmd_args.join(" ")} }
 end
 
 

diff --git a/main.go b/main.go
@@ -1,11 +1,14 @@
 package main
 
 import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"flag"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
-	"os"
 	"strings"
 	"time"
 )
@@ -27,8 +30,6 @@ func printHeaders(h http.Header) {
 	fmt.Println()
 }
 
-type server struct{}
-
 func (s *server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	fmt.Println(strings.Repeat("-", 80))
 	fmt.Println("method ...... ", r.Method)
@@ -50,26 +51,48 @@ func (s *server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			fmt.Println(bodyStr)
 			fmt.Println(strings.Repeat(".", 40))
 		}
+		if *optHMACSecret != "" && *optHMACHeader != "" {
+			fmt.Println()
+			fmt.Println("hmac validation ........................")
+
+			signature := r.Header.Get(*optHMACHeader)
+			h := hmac.New(sha256.New, []byte(*optHMACSecret))
+			h.Write(body)
+
+			expectedSignature := hex.EncodeToString(h.Sum(nil))
+			fmt.Println("expected signature...", expectedSignature)
+			fmt.Println("incoming signature...", signature)
+			fmt.Println("is valid?............", hmac.Equal([]byte(expectedSignature), []byte(signature)))
+			fmt.Println(strings.Repeat(".", 40))
+		}
 	}
 	fmt.Println(strings.Repeat("-", 80))
 	fmt.Println()
-	fmt.Fprintf(w, "OK")
+	_, _ = fmt.Fprintf(w, "OK")
 }
 
+var (
+	optHMACSecret *string
+	optHMACHeader *string
+	optListenADDR *string
+)
+
+type server struct{}
+
 func main() {
-	host := os.Getenv("HOST")
-	if host == "" {
-		host = ":9000"
-	}
+	optHMACSecret = flag.String("hmac-secret", "", "HMAC secret")
+	optHMACHeader = flag.String("hmac-header-name", "", "Signature response header name")
+	optListenADDR = flag.String("listen", ":9000", "Listen address, default: ':9000'")
+	flag.Parse()
 
 	srv := &http.Server{
-		Addr:         host,
+		Addr:         *optListenADDR,
 		Handler:      new(server),
 		ReadTimeout:  5 * time.Second,
 		WriteTimeout: 10 * time.Second,
 		IdleTimeout:  15 * time.Second,
 	}
 
-	fmt.Println("running server at", host)
+	fmt.Println("running server at", *optListenADDR)
 	log.Fatal(srv.ListenAndServe())
 }