From 54db02a084e23c54b25358d5cffa9cd4509b9873 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Wed, 31 Jan 2024 08:16:29 -0500 Subject: update for howtogetyoursmsonirc.md --- mds/howtogetyourSMSonIRC.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'mds/howtogetyourSMSonIRC.md') diff --git a/mds/howtogetyourSMSonIRC.md b/mds/howtogetyourSMSonIRC.md index af90d93..6b816b1 100644 --- a/mds/howtogetyourSMSonIRC.md +++ b/mds/howtogetyourSMSonIRC.md @@ -55,7 +55,26 @@ We can put the basic auth cerdentials in the url: https://user:pass@sms.mywebhook.com ``` -#### Deployment +Also do please remember that on the app side we need to add the authorization header like so:
+ +```json +{"Content-Type": "application/json"; "Authorization": "Basic base64-encoded-username:password"} +``` + +As for the url, use your endpoint without using the username and passwor in the URI.
+ +### Dev works + +You can find the finished code [here](https://github.com/terminaldweller/sms-webhook).
+ +Here's a brief explanation of what the code does:
+We launch the irc bot in a goroutine. The web hook server will only respond to POST requests on `/sms` after a successful basic http authentication.
+In our case there is no reason not to use a randomized username as well. So effectively we will have two secrets this way. You can create a new user in the pocketbase admin panel. Pocketbase comes with a default collection for users so just create a new entry in there.
+ +- The code will respond with a 401 for all failed authentication attempts.
+- We dont fill out missing credentials for non-existant users to make timing attacks harder. Thats something we can do later.
+ +### Deployment ```nginx events { @@ -160,7 +179,7 @@ volumes:

timestamp:1706042815
-
version:1.0.0
+
version:1.1.0
https://blog.terminaldweller.com/rss/feed
https://raw.githubusercontent.com/terminaldweller/blog/main/mds/lazymakefiles.md

-- cgit v1.2.3