main(): Respond with 403 by default

Previously we were responding with a 200 if all else checked out. This seems too permissive. Only the authorised webhook requester should receive a 200. All other requesters should be denied access. Swap the last two responses to reflect this.
author: Teddy Wing 2018-11-10 23:58:12 +0100
committer: Teddy Wing 2018-11-10 23:58:12 +0100
commit: d52c89089623d511f5059bcfc36b3a6e424d3bcb (patch)
tree: 8b336a78c8b6db048dfe9bfeccc1c36d2936dfdc /license-generator/src/main.rs
parent: 1849f68f1f725d1528c5712c315c7832641932a5 (diff)
download: dome-key-web-d52c89089623d511f5059bcfc36b3a6e424d3bcb.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/license-generator/src/main.rs b/license-generator/src/main.rs
index bd8b192..477ebf4 100644
--- a/license-generator/src/main.rs
+++ b/license-generator/src/main.rs
@@ -104,19 +104,19 @@ fn main() -> Result<()> {
             },
         };
 
-        if !is_verified {
-            response::set_403(&mut req.stdout()).unwrap_or(());
+        if is_verified {
             write!(&mut req.stdout(), "Content-Type: text/plain
 
-403 Forbidden: Invalid request signature")
+    200 OK")
                 .unwrap_or(());
 
             return;
         }
 
+        response::set_403(&mut req.stdout()).unwrap_or(());
         write!(&mut req.stdout(), "Content-Type: text/plain
 
-200 OK")
+403 Forbidden: Invalid request signature")
             .unwrap_or(());
     });
author	Teddy Wing	2018-11-10 23:58:12 +0100
committer	Teddy Wing	2018-11-10 23:58:12 +0100
commit	d52c89089623d511f5059bcfc36b3a6e424d3bcb (patch)
tree	8b336a78c8b6db048dfe9bfeccc1c36d2936dfdc /license-generator/src/main.rs
parent	1849f68f1f725d1528c5712c315c7832641932a5 (diff)
download	dome-key-web-d52c89089623d511f5059bcfc36b3a6e424d3bcb.tar.bz2