// POST webhook/Iotqi public HttpResponseMessage Post([FromBody] IotqiAlert alertContent) { if (!IotqiWebhook.ValidateWebhookObject(Request, alertContent)) { return(Request.CreateResponse(HttpStatusCode.BadRequest));; } //process actions to be taken here Program.dispatcher.Dispatch(alertContent); return(Request.CreateResponse(HttpStatusCode.OK)); }
internal static bool ValidateWebhookObject(HttpRequestMessage webhookMessage, IotqiAlert alertContent) { var signatureReceived = ""; var signatureComputed = ""; if (webhookMessage.Headers.TryGetValues("X-Iotqi-Signature", out IEnumerable <string> headerValues)) { signatureReceived = headerValues.FirstOrDefault(); signatureComputed = IotqiWebhook.GetHashString(JsonConvert.SerializeObject(alertContent).ToLower() + Program.WebhookCredentials); } if (!string.IsNullOrEmpty(signatureReceived) && signatureReceived != signatureComputed) { return(false); // received signature is invalid } if (string.IsNullOrEmpty(alertContent.AlertName)) { return(false); // alerts must contain names; if this is null, the webhook POST is malformed } return(true); }