Force user to set a secret/auth token for webhooks

This change ends execution if the default auth token/secret has not been changed.
10 years ago · fed7b6988d
parent 6516026e6a
commit fed7b6988d
2 changed files with 12 additions and 0 deletions
--- a/webhook.github.php
+++ b/webhook.github.php
@ -61,6 +61,12 @@ define('TOOLKIT_PATH', '/home/<user>/bin');
 // We are always returning plain text
 header('Content-Type: text/plain');

+// Check if a secret has been set
+if(SECRET == '<long token>') {
+	http_response_code(400);
+	die('No secret has been set in ' . basename(__FILE__) . '. This script won\'t work without one.');
+}
+
 // Check which event this is
 if(!isset($_SERVER['HTTP_X_GITHUB_EVENT'])) {
 	http_response_code(400);
--- a/webhook.gitlab.php
+++ b/webhook.gitlab.php
@ -63,6 +63,12 @@ define('TOOLKIT_PATH', '/home/<user>/bin');
 // We are always returning plain text
 header('Content-Type: text/plain');

+// Check if an auth token has been set
+if(AUTH_TOKEN == '<long token>') {
+	http_response_code(400);
+	die('No auth token has been set in ' . basename(__FILE__) . '. This script won\'t work without one.');
+}
+
 // Check if the authentication is valid
 if(!isset($_GET['token']) || $_GET['token'] !== AUTH_TOKEN) {
 	http_response_code(401);