mirror of https://github.com/taigrr/wtf synced 2025-01-18 04:03:14 -08:00

Merge pull request #514 from wtfutil/WTF-508-hibp-api-subscription

WTF-508 HIBP now uses API v3 with authorization to fetch data
Chris Cummer 2019-07-21 16:04:25 -07:00 committed by GitHub
commit 30530a8593
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 4 deletions


@ -2,6 +2,7 @@ package hibp
import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"net/http"
@ -9,12 +10,16 @@ import (
)
const (
apiURL = "https://haveibeenpwned.com/api/breachedaccount/"
apiVersion = "application/vnd.haveibeenpwned.v2+json"
apiURL = "https://haveibeenpwned.com/api/v3/breachedaccount/"
clientTimeoutSecs = 2
userAgent = "WTFUtil"
)
type hibpError struct {
StatusCode int `json:"statusCode"`
Message string `json:"message"`
}
func (widget *Widget) fullURL(account string, truncated bool) string {
truncStr := "false"
if truncated == true {
@ -43,8 +48,8 @@ func (widget *Widget) fetchForAccount(account string, since string) (*Status, er
return nil, err
}
request.Header.Set("Accept", apiVersion)
request.Header.Set("User-Agent", userAgent)
request.Header.Set("hibp-api-key", widget.settings.apiKey)
response, getErr := hibpClient.Do(request)
if getErr != nil {
@ -56,6 +61,11 @@ func (widget *Widget) fetchForAccount(account string, since string) (*Status, er
return nil, err
}
hibpErr := widget.validateHTTPResponse(response.StatusCode, body)
if hibpErr != nil {
return nil, errors.New(hibpErr.Message)
}
stat, err := widget.parseResponseBody(account, body)
if err != nil {
return nil, err
@ -115,3 +125,16 @@ func (widget *Widget) filterBreaches(breaches []Breach) []Breach {
return latestBreaches
}
func (widget *Widget) validateHTTPResponse(responseCode int, body []byte) *hibpError {
hibpErr := &hibpError{}
switch responseCode {
case 401, 402:
json.Unmarshal(body, hibpErr)
default:
hibpErr = nil
}
return hibpErr
}
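Review bot: In `validateHTTPResponse` the result of `json.Unmarshal(body, hibpErr)` is discarded, so a 401 or 402 whose body is not the expected JSON leaves `Message` empty and `fetchForAccount` returns `errors.New("")`, an error with no text. A fallback keeps the failure visible: `if err := json.Unmarshal(body, hibpErr); err != nil || hibpErr.Message == "" { hibpErr.Message = fmt.Sprintf("HIBP returned HTTP %d", responseCode) }`. The `default` branch also treats every other status as valid, so a rate-limit or server-error response would presumably reach `parseResponseBody` as if it were breach data; that function is outside the hunk, so confirm how it handles such bodies.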


@ -24,7 +24,8 @@ type Settings struct {
common *cfg.Common
accounts []string `help:"A list of the accounts to check the HIBP database for."`
since string `help:"Only check for breaches after this date. Set this if youve been breached in the past, have taken steps to mitigate that (changing passwords, cancelling accounts, etc.) and now only want to know about future breaches." values:"A date string in the format 'yyyy-mm-dd', ie: '2019-06-22'", optional:"true"`
apiKey string `help:"Your HIBP API v3 API key"`
since string `help:"Only check for breaches after this date. Set this if youve been breached in the past, have taken steps to mitigate that (changing passwords, cancelling accounts, etc.) and now only want to know about future breaches." values:"A date string in the format 'yyyy-mm-dd', ie. '2019-06-22'" optional:"true"`
}
// NewSettingsFromYAML creates a new settings instance from a YAML config block
@ -32,6 +33,7 @@ func NewSettingsFromYAML(name string, ymlConfig *config.Config, globalConfig *co
settings := &Settings{
common: cfg.NewCommonSettingsFromModule(name, defaultTitle, ymlConfig, globalConfig),
apiKey: ymlConfig.UString("apiKey", ""),
accounts: wtf.ToStrs(ymlConfig.UList("accounts")),
since: ymlConfig.UString("since", ""),
}
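Review bot: `apiKey` falls back to `""` in `NewSettingsFromYAML` and nothing in the visible lines rejects an empty value, so a missing key only shows up later as a 401, after a request has already been sent with an empty `hibp-api-key` header. The key is also read only from the YAML file, which keeps a credential in plaintext next to ordinary settings. An environment fallback such as `apiKey: ymlConfig.UString("apiKey", os.Getenv("<HIBP_KEY_ENV_VAR>")),` would let users keep it out of the file; the variable name is a placeholder, and it needs `os` imported, which the hunk does not show. The help tag could carry the same caveat: `help:"Your HIBP API v3 API key. Treat it as a secret."`. The function body continues outside the hunk.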