- Add HMAC-SHA256 signature verification for webhooks
- Support multiple secrets for rotation
- Add security logging for authentication events
- Maintain backward compatibility (auth optional during migration)
- Add comprehensive test coverage
Without authentication, anyone could trigger job evaluations by sending
POST requests to webhook endpoints. This could lead to resource exhaustion
through repeated requests or manipulation of build scheduling. While not
a data breach risk, it allows unauthorized control over CI/CD operations.
- hydra does not remove the base URI from the request before processing
it, so this must be done in the reverse proxy. in nginx this is done
by giving proxy_pass a URI rather than a protocol/host/port; see:
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
- proxy_redirect is not correct/required: hydra uses proxy headers to
correctly form redirects in most cases, and where it doesn't it
produces local redirects which aren't matched by this directive anyway
The indentation in the hydra.conf makes it possible to include multi-line
strings without it being likely that the contents of the tracker
is mis-parsed or interrupts tho config parser.
It isn't impossible / foolproof probably, but it shouldn't be likely.
