A dead simple webhook server with support for TOTP authentication (OTP codes generated by a 2FA app such as Google Authenticator).
Built with the intention of being used as a simple deployment service for personal and school projects.
TOTP authentication added to discourage curious people from messing with your system. Just enough to keep honest people honest!
To run the server:
$ ./go-webhook -h
Usage of ./go-webhook:
-otp-secret string
Base32 encoded secret code for OTP authentication. Set this value only if you wish to enable OTP authentication.
-port string
Server port (default "8080")
# Examples:
$ ./go-webhook
$ ./go-webhook -port=5000 -otp-secret=4S62BZNFXXSZLCRO
The endpoints for the server are determined by the script files present in the directory that the go binary is executed
from. All endpoints will be in the form path/<scriptFile.sh>
Interacting with the server can be done through your browser's address bar, simply by going to the appropriate endpoint:
Run the shell script and wait for its completion:
$ curl http://localhost:8080/webhook/run/script.sh
Script output:
Hello bash!
Run the shell script but don't wait for completion:
$ curl http://localhost:8080/webhook/async/script.sh
Triggered script: script.sh
Get the timestamp and output of the last script execution:
$ curl http://localhost:8080/webhook/log/script.sh
Script script.sh last executed at:
Thu Apr 2 10:15:10 PDT 2020
Output:
Hello bash!
If OTP authentication is enabled, simply append ?otp=<your OTP code> to the end of the url to authenticate.
OTP authentication will be required for every endpoint.
Authenticating write a valid OTP:
$ curl http://localhost:8080/webhook/run/script.sh?otp=123456
Script output:
Hello bash!
If an invalid OTP is provided:
$ curl http://localhost:8080/webhook/run/script.sh?otp=123456
Unauthorized.