Skip to content

Commit

Permalink
deny old webhooks with 403.
Browse files Browse the repository at this point in the history
  • Loading branch information
KelvinTegelaar committed Jan 9, 2024
1 parent 3a15056 commit d483557
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions PublicWebhooks/run.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,23 @@ Write-Host 'Received request'
Write-Host "CIPPID: $($request.Query.CIPPID)"
$url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1
Write-Host $url
if ($Request.Query.CIPPID -in $Webhooks.RowKey) {
if ($Request.Query.CIPPID -in $Webhooks.RowKey -and $Webhooks.Resource -ne 'M365AuditLogs') {
Write-Host 'Found matching CIPPID'

if ($Request.query.ValidationToken -or $Request.body.validationCode) {
Write-Host 'Validation token received'
$body = $request.query.ValidationToken
} else {
Push-OutputBinding -Name QueueWebhook -Value $Request
$Body = 'Webhook Recieved'
$StatusCode = [HttpStatusCode]::OK
}
} else {
$body = 'This webhook is not authorized.'
$StatusCode = [HttpStatusCode]::Forbidden
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
StatusCode = $StatusCode
Body = $body
})

0 comments on commit d483557

Please sign in to comment.