github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-02-01 06:05:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Don't send sensitive data in webhooks (#6350)

Browse Source 
Fixes #6246
This commit is contained in:
Rijk van Zanten
2021-06-17 11:13:31 -04:00
committed by rijkvanzanten
parent e5012784d3
commit 02a44c5861
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
api/src/webhooks.ts
View File

@@ -4,6 +4,7 @@ import getDatabase from './database';
import emitter from './emitter';
import logger from './logger';
import { Webhook } from './types';
import { pick } from 'lodash';
let registered: { event: string; handler: ListenerFn }[] = [];
@@ -44,11 +45,21 @@ function createHandler(webhook: Webhook): ListenerFn {
const collectionAllowList = webhook.collections.split(',');
if (collectionAllowList.includes('*') === false && collectionAllowList.includes(data.collection) === false) return;
const webhookPayload = pick(data, [
'event',
'accountability.user',
'accountability.role',
'collection',
'item',
'action',
'payload',
]);
try {
await axios({
url: webhook.url,
method: webhook.method,
data: webhook.data ? data : null,
data: webhook.data ? webhookPayload : null,
});
} catch (error) {
logger.warn(`Webhook "${webhook.name}" (id: ${webhook.id}) failed`);