diff --git a/auth/readme.md b/auth/readme.md index 16c96e9..49d6361 100644 --- a/auth/readme.md +++ b/auth/readme.md @@ -1,6 +1,6 @@ # Auth - Signal-CLI HTTP -This module handles the reading and parsing of the auth JSON file. It also acts as a verifier in relation to that information. The file is a JSON object. It acts as a whitelist for which bearer token can do what action. It is passed to the HTTP endpoint via the `Authorization: ` header. Nore that this is not `Authorization: Bearer ` +This module handles the reading and parsing of the auth JSON file. It also acts as a verifier in relation to that information. The file is a JSON object. It acts as a whitelist for which bearer token can do what action. It is passed to the HTTP endpoint via the `Authorization: ` header. Note that this is not `Authorization: Bearer ` Here's a sample auth JSON: @@ -35,7 +35,8 @@ Here's some examples for each case: 1. the request `{"method":"send","params":{"recipient":["+16028675309"],"message":"message"},"id":"SomeID"},` would not match the filter `["+5555555555"]` because one is a JSON map and the other a JSON array. 2. the request `{"method":"something","params":{"recipient":["+16028675309"],"message":"message"},"id":"SomeID"},` would not match the filter `{"method":"send","params":{"recipient":["+16028675309"],"message":"message"}}` because the "method" differs. This would also fail to match if the `method` key was missing in the request JSON. 3. `{"method":"send","params":{"recipient":["+16028675309","someBadNumber"]}}` would not match the filter `{"method":"send","params":{"recipient":["+16028675309",]}}` because of the `someBadNumber` number in the request. This rule exists so that a malicious request cant send a message to both a room/concact that it's whitelisted for, and one that it isn't. -4. `"+16028675309"` would not match the filter `"+15555555555"` because their values differ. +4. `{"method":"send","params":{"recipient":["+15555555555","someBadNumber"]}}` would not match the filter `{"method":"send","params":{"recipient":["+16028675309","someBadNumber"]}}` because of the difference in phone number + Here's what each filter JSON object in the above sample JSON does: `{"method":"send","params":{"recipient":["+16028675309"]}}` allows sending to `+16028675309` (any message, timestamp, etc.) diff --git a/web/readme.md b/web/readme.md index 63c1e87..43ac7d0 100644 --- a/web/readme.md +++ b/web/readme.md @@ -12,7 +12,7 @@ Possible response codes: There is no body content with non-200 response codes. With 200 the response is a valid JSON map or array. -This program simply relays requests to the signal-cli program. **It will not prevent you from breaking anything, outside of not whitelisting certain requests. This program does not understand what requests mean.** Each request comes formatted as a JSON object outlined in the [JSON-RPC documentation](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc). +This program simply relays requests to the signal-cli program. **It will not prevent you from breaking anything, outside of not whitelisting certain requests. This program does not understand what requests mean.** Each request comes formatted as a JSON object outlined in the [JSON-RPC documentation](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc). The program will ensure that the request object is a JSON map, and that the `request` key is present. For any request type that is not `receive`, the program will generate an ID for your request (do not put on in the request, it will return an error) and return the program's response.