WebhookAuth

Enum WebhookAuth 

pub enum WebhookAuth {
    None,
    Header {
        name: String,
        expected: String,
    },
    HmacSha256 {
        header: String,
        secret: String,
    },
}

Authentication strategy for a webhook endpoint.

Each variant describes how to verify that an incoming request is legitimate. Use the constructor methods (WebhookAuth::none, WebhookAuth::header, WebhookAuth::github, WebhookAuth::gitlab) rather than building variants manually, as they normalise header names and apply the correct defaults.

§Examples

use ironflow_runtime::webhook::WebhookAuth;

// No authentication
let auth = WebhookAuth::none();

// GitHub HMAC-SHA256 authentication
let auth = WebhookAuth::github("my-webhook-secret");

// GitLab static-token authentication
let auth = WebhookAuth::gitlab("my-gitlab-token");

// Custom header authentication
let auth = WebhookAuth::header("x-api-key", "secret-value");

Variants§

None

No authentication - every request is accepted.

Header

Static header comparison.

The request must contain a header whose value exactly matches expected. The header name is stored in lower-case.

Fields

§name: String

Lower-cased header name.

§expected: String

Expected header value.

HmacSha256

HMAC-SHA256 signature verification.

The request must contain a header whose value is a hex-encoded HMAC-SHA256 digest prefixed with sha256=. The digest is computed over the raw request body using secret as the HMAC key.

Fields

§header: String

Header name that carries the signature (e.g. x-hub-signature-256).

§secret: String

Shared secret used to compute the HMAC.

Implementations§

impl WebhookAuth

pub fn none() -> Self

Creates an authentication strategy that accepts every request.

§Examples
use ironflow_runtime::webhook::WebhookAuth;

let auth = WebhookAuth::none();

pub fn header(name: &str, expected: &str) -> Self

Creates a static-header authentication strategy.

The name is automatically lower-cased so that look-ups are case-insensitive (HTTP headers are case-insensitive by spec).

§Examples
use ironflow_runtime::webhook::WebhookAuth;

let auth = WebhookAuth::header("x-api-key", "super-secret");

pub fn gitlab(secret: &str) -> Self

Preset for GitLab webhooks.

GitLab sends the secret token in the X-Gitlab-Token header as a plain-text value. This is a convenience wrapper around WebhookAuth::header.

§Examples
use ironflow_runtime::webhook::WebhookAuth;

let auth = WebhookAuth::gitlab("my-gitlab-secret");

pub fn github(secret: &str) -> Self

Preset for GitHub webhooks.

GitHub signs the payload body with HMAC-SHA256 and sends the result in the X-Hub-Signature-256 header, prefixed with sha256=. This constructor configures the correct header name and stores the shared secret.

§Examples
use ironflow_runtime::webhook::WebhookAuth;

let auth = WebhookAuth::github("my-github-webhook-secret");

pub fn verify(&self, headers: &HeaderMap, body: &[u8]) -> bool

Verifies an incoming request against this authentication strategy.

Returns true if the request is authentic, false otherwise.

§Behaviour per variant
Variant | Verification
None | Always returns true.
Header | Checks that the named header equals the expected value.
HmacSha256 | Strips the sha256= prefix, hex-decodes the signature, computes HMAC-SHA256 over body, and compares in constant time.
§Examples
use axum::http::HeaderMap;
use ironflow_runtime::webhook::WebhookAuth;

let auth = WebhookAuth::none();
let headers = HeaderMap::new();
assert!(auth.verify(&headers, b"any body"));
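
The HmacSha256 steps from the table above (strip sha256=, hex-decode, HMAC-SHA256 over the raw body, constant-time compare), written out as an added std-only example; this is not ironflow_runtime's own code. The names sha256, hmac_sha256 and verify_signature are hypothetical, and accepting upper-case hex digits is an assumption.

```rust
// Added example, std only: SHA-256 and HMAC are written out so it runs without crates; names are hypothetical.
const K: [u32; 64] = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
fn sha256(msg: &[u8]) -> Vec<u8> {
    let mut h: [u32; 8] = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19];
    let mut m = [msg, &[0x80u8][..]].concat(); // padding: 0x80, zeros, then the bit length
    while m.len() % 64 != 56 { m.push(0); }
    m.extend_from_slice(&((msg.len() as u64) * 8).to_be_bytes());
    for block in m.chunks(64) {
        let mut w = [0u32; 64]; // message schedule
        for i in 0..16 { w[i] = u32::from_be_bytes([block[4 * i], block[4 * i + 1], block[4 * i + 2], block[4 * i + 3]]); }
        for i in 16..64 {
            let s0 = w[i - 15].rotate_right(7) ^ w[i - 15].rotate_right(18) ^ (w[i - 15] >> 3);
            let s1 = w[i - 2].rotate_right(17) ^ w[i - 2].rotate_right(19) ^ (w[i - 2] >> 10);
            w[i] = w[i - 16].wrapping_add(s0).wrapping_add(w[i - 7]).wrapping_add(s1);
        }
        let mut v = h; // working variables a..h
        for i in 0..64 {
            let (ch, maj) = ((v[4] & v[5]) ^ (!v[4] & v[6]), (v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
            let s1 = v[4].rotate_right(6) ^ v[4].rotate_right(11) ^ v[4].rotate_right(25);
            let s0 = v[0].rotate_right(2) ^ v[0].rotate_right(13) ^ v[0].rotate_right(22);
            let t1 = v[7].wrapping_add(s1).wrapping_add(ch).wrapping_add(K[i]).wrapping_add(w[i]);
            v = [t1.wrapping_add(s0).wrapping_add(maj), v[0], v[1], v[2], v[3].wrapping_add(t1), v[4], v[5], v[6]];
        }
        for i in 0..8 { h[i] = h[i].wrapping_add(v[i]); }
    }
    h.iter().flat_map(|x| x.to_be_bytes()).collect()
}

fn hmac_sha256(key: &[u8], body: &[u8]) -> Vec<u8> {
    let mut k = if key.len() > 64 { sha256(key) } else { key.to_vec() }; // long keys are hashed first
    k.resize(64, 0);
    let pad = |x: u8| k.iter().map(|&b| b ^ x).collect::<Vec<u8>>();
    let inner = sha256(&[pad(0x36), body.to_vec()].concat());
    sha256(&[pad(0x5c), inner].concat())
}

fn verify_signature(secret: &str, header_value: &str, body: &[u8]) -> bool {
    let hex = match header_value.strip_prefix("sha256=") { Some(h) => h, None => return false };
    if hex.len() != 64 || !hex.bytes().all(|b| b.is_ascii_hexdigit()) { return false; } // also rejects "+f"
    let sig: Vec<u8> = (0..32).map(|i| u8::from_str_radix(&hex[2 * i..2 * i + 2], 16).unwrap()).collect();
    let mac = hmac_sha256(secret.as_bytes(), body); // keyed digest over the raw body bytes
    mac.iter().zip(&sig).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0 // OR of XORs: no early exit on mismatch
}
```

The body passed in must be the bytes exactly as received; re-serialising parsed JSON before verification changes the digest.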

Trait Implementations§

impl Clone for WebhookAuth

fn clone(&self) -> WebhookAuth

Returns a duplicate of the value.

1.0.0

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for WebhookAuth

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.