Skip to content

Commit

Permalink
Merge pull request #17 from atc0005/extend-webhook-validation
Browse files Browse the repository at this point in the history
Extend webhook validation error handling
  • Loading branch information
atc0005 authored Apr 13, 2020
2 parents f640d50 + 943cdeb commit a6412ec
Showing 1 changed file with 26 additions and 10 deletions.
36 changes: 26 additions & 10 deletions send.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@ import (
"time"
)

// Known webhook URL prefixes for submitting messages to Microsoft Teams
const (
WebhookURLOfficecomPrefix = "https://outlook.office.com"
WebhookURLOffice365Prefix = "https://outlook.office365.com"
)

// API - interface of MS Teams notify
type API interface {
Send(webhookURL string, webhookMessage MessageCard) error
Expand Down Expand Up @@ -80,19 +86,29 @@ func IsValidInput(webhookMessage MessageCard, webhookURL string) (bool, error) {
// IsValidWebhookURL performs validation checks on the webhook URL used to
// submit messages to Microsoft Teams.
func IsValidWebhookURL(webhookURL string) (bool, error) {
// basic URL check
_, err := url.Parse(webhookURL)
if err != nil {
return false, err
}
// only pass MS teams webhook URLs

switch {
case strings.HasPrefix(webhookURL, "https://outlook.office.com/webhook/"):
case strings.HasPrefix(webhookURL, "https://outlook.office365.com/webhook/"):
case strings.HasPrefix(webhookURL, WebhookURLOfficecomPrefix):
case strings.HasPrefix(webhookURL, WebhookURLOffice365Prefix):
default:
err = errors.New("invalid ms teams webhook url")
return false, err
u, err := url.Parse(webhookURL)
if err != nil {
return false, fmt.Errorf(
"unable to parse webhook URL %q: %v",
webhookURL,
err,
)
}
userProvidedWebhookURLPrefix := u.Scheme + "://" + u.Host

return false, fmt.Errorf(
"webhook URL does not contain expected prefix; got %q, expected one of %q or %q",
userProvidedWebhookURLPrefix,
WebhookURLOfficecomPrefix,
WebhookURLOffice365Prefix,
)
}

return true, nil
}

Expand Down

0 comments on commit a6412ec

Please sign in to comment.