Don't handle a missing source as an error

Tereius · Tereius · commit 251499814a90 · 2024-08-04T19:29:07.000+02:00
diff --git a/runner-autoscaler/pkg/srv.go b/runner-autoscaler/pkg/srv.go
@@ -202,19 +202,24 @@ func (s *Autoscaler) verifySignature(ctx *gin.Context) ([]byte, Source, error) {
 				if source, ok := s.conf.RegisteredSources[src]; ok {
 					if calcSignature := calcSigHex([]byte(source.Secret), body); calcSignature == signature[7:] {
 						return body, source, nil
+					} else {
+						log.Warnf("%s signature did not match", ctx.RemoteIP())
+						return nil, Source{}, ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("unauthorized"))
 					}
 				} else {
-					log.Errorf("Source with name %s not registered", src)
+					log.Infof("Source with name %s not registered - ignoring", src)
+					ctx.Status(http.StatusOK) // not considered an error
+					return nil, Source{}, fmt.Errorf("unknown webhook source")
 				}
 			} else {
-				log.Error("Missing src query parameter")
+				log.Errorf("Missing %s query parameter", s.conf.SourceQueryParam)
+				return nil, Source{}, ctx.AbortWithError(http.StatusBadRequest, fmt.Errorf("missing %s query parameter", s.conf.SourceQueryParam))
 			}
 		}
+	} else {
+		log.Warnf("%s did not provide a signature", ctx.RemoteIP())
+		return nil, Source{}, ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("unauthorized"))
 	}
-
-	log.Warnf("%s is unauthorized", ctx.RemoteIP())
-	ctx.AbortWithStatus(http.StatusUnauthorized)
-	return nil, Source{}, fmt.Errorf("unauthorized")
 }
 
 func (s *Autoscaler) GetInstanceState(ctx context.Context, instanceName string) (State, error) {

Original file line number	Diff line number	Diff line change
`@@ -202,19 +202,24 @@ func (s Autoscaler) verifySignature(ctx gin.Context) ([]byte, Source, error) {`
`202`	`202`	`if source, ok := s.conf.RegisteredSources[src]; ok {`
`203`	`203`	`if calcSignature := calcSigHex([]byte(source.Secret), body); calcSignature == signature[7:] {`
`204`	`204`	`return body, source, nil`
	`205`	`+ } else {`
	`206`	`+ log.Warnf("%s signature did not match", ctx.RemoteIP())`
	`207`	`+ return nil, Source{}, ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("unauthorized"))`
`205`	`208`	`}`
`206`	`209`	`} else {`
`207`		`- log.Errorf("Source with name %s not registered", src)`
	`210`	`+ log.Infof("Source with name %s not registered - ignoring", src)`
	`211`	`+ ctx.Status(http.StatusOK) // not considered an error`
	`212`	`+ return nil, Source{}, fmt.Errorf("unknown webhook source")`
`208`	`213`	`}`
`209`	`214`	`} else {`
`210`		`- log.Error("Missing src query parameter")`
	`215`	`+ log.Errorf("Missing %s query parameter", s.conf.SourceQueryParam)`
	`216`	`+ return nil, Source{}, ctx.AbortWithError(http.StatusBadRequest, fmt.Errorf("missing %s query parameter", s.conf.SourceQueryParam))`
`211`	`217`	`}`
`212`	`218`	`}`
	`219`	`+ } else {`
	`220`	`+ log.Warnf("%s did not provide a signature", ctx.RemoteIP())`
	`221`	`+ return nil, Source{}, ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("unauthorized"))`
`213`	`222`	`}`
`214`		`-`
`215`		`- log.Warnf("%s is unauthorized", ctx.RemoteIP())`
`216`		`- ctx.AbortWithStatus(http.StatusUnauthorized)`
`217`		`- return nil, Source{}, fmt.Errorf("unauthorized")`
`218`	`223`	`}`
`219`	`224`
`220`	`225`	`func (s *Autoscaler) GetInstanceState(ctx context.Context, instanceName string) (State, error) {`