diff --git a/.github/templates/README.template.md b/.github/templates/README.template.md index 3af56e74..829cb3af 100644 --- a/.github/templates/README.template.md +++ b/.github/templates/README.template.md @@ -145,11 +145,11 @@ You can also combine them: } ``` -#### Query-to-Body Injection +#### URL-to-Body Injection -In some cases you may not be able to access / modify the request body, in that case specify needed values in the request query: +In some cases you may not be able to access / modify the request body, in that case specify needed values in the request query or path: -`http://sec-signal-api:8880/?@key=value` +`http://sec-signal-api:8880/@key2=value2/?@key=value` > [!IMPORTANT] > To differentiate **injection queries** from _regular_ queries, **prefix the key with `@`**. @@ -194,7 +194,7 @@ This means that any valid Go template string will also work in Secured Signal AP Go's templating library is used in the following features: - [Message Templates](#message-templates) -- [Query-to-Body Injection](#query-to-body-injection) +- [URL-to-Body Injection](#url-to-body-injection) - [Placeholders](#placeholders) This makes advanced [Message Templates](#message-templates) like this one possible: @@ -259,9 +259,9 @@ By default adding an endpoint explicitly allows access to it, use `!` to block i | Config (Allow) | (Block) | Result | | | | | :------------- | :------------- | :--------: | --- | :---------------: | --- | -| `/v2/send` | `unset` | **all** | ⛔️ | **`/v2/send`** | ✅ | -| `unset` | `!/v1/receive` | **all** | ✅ | **`/v1/receive`** | ⛔️ | -| `!/v2*` | `/v2/send` | **`/v2*`** | ⛔️ | **`/v2/send`** | ✅ | +| `/v2/send` | `unset` | **all** | ⛔️ | **`/v2/send`** | ✅ | +| `unset` | `!/v1/receive` | **all** | ✅ | **`/v1/receive`** | ⛔️ | +| `!/v2*` | `/v2/send` | **`/v2*`** | ⛔️ | **`/v2/send`** | ✅ | ### Variables diff --git a/docs/integrations/home-assistant/configuration.yml b/docs/integrations/home-assistant/configuration.yml index 5c4e9524..c2a84331 100644 --- a/docs/integrations/home-assistant/configuration.yml +++ b/docs/integrations/home-assistant/configuration.yml @@ -1,7 +1,7 @@ notify: - name: signal platform: signal_messenger - url: "http://sec-signal-api:8880/auth=API_TOKEN" - number: "+123400001" + url: "http://sec-signal-api:8880/@auth=API_TOKEN" + number: "{{.NUMBER}}" recipients: - "+123400002" # tip: use a placeholder instead diff --git a/docs/integrations/home-assistant/home-assistant.md b/docs/integrations/home-assistant/home-assistant.md index bbe2411c..a13ccd5d 100644 --- a/docs/integrations/home-assistant/home-assistant.md +++ b/docs/integrations/home-assistant/home-assistant.md @@ -16,10 +16,7 @@ To be able to use the Signal Messenger integration in Home Assistant you need to {{{ #://./configuration.yml }}} ``` -> [!IMPORTANT] -> Home Assistant requires `number` to actually be a number, so using placeholders is not supported at the moment - -Here we are taking advantage of the `url` field for adding `/auth=API_TOKEN` in order to use [Path Auth](../usage#auth). +Here we are taking advantage of the `url` field for adding `/@auth=API_TOKEN` in order to use [Path Auth](../usage#auth). For more detailed configuration instructions read the [official Home Assistant docs](https://www.home-assistant.io/integrations/signal_messenger/). diff --git a/docs/usage/advanced.md b/docs/usage/advanced.md index 4fc99fa0..08788154 100644 --- a/docs/usage/advanced.md +++ b/docs/usage/advanced.md @@ -46,20 +46,20 @@ These can be especially **helpful** when managing **variables** across multiple > [!NOTE] > Placeholders follow strict formatting rules ([See Formatting](./formatting#templates)) -## Query-to-Body Injection +## URL-to-Body Injection > _Sounds scary… but it really isn't._ 🫣 -**Query-to-Body Injection** is a powerful feature designed for **restricted or inflexible environments**. +**URL-to-Body Injection** is a powerful feature designed for **restricted or inflexible environments**. In some setups, webhook configuration is extremely limited. For example, you may **only** be able to define a webhook URL, without any control over the **request body**. This becomes a problem when every receiving service is expected to support the **Signal CLI REST API** format. In such cases, using a simple, generic webhook is not possible. -**Query-to-Body Injection** solves this by allowing you to inject values directly into the request body via query parameters. +**URL-to-Body Injection** solves this by allowing you to inject values directly into the request body via query parameters or seperated path parameters. -`http://sec-signal-api:8880/?@key=value` +`http://sec-signal-api:8880/@key2=value2/?@key=value` > [!IMPORTANT] > diff --git a/docs/usage/formatting.md b/docs/usage/formatting.md index 3a50456c..de8873c8 100644 --- a/docs/usage/formatting.md +++ b/docs/usage/formatting.md @@ -15,8 +15,8 @@ As a result, any valid Go template string works in Secured Signal API. > [!NOTE] > The following features use Go’s templating library: > -> - [Message Templates](../configuration/message-template) -> - [Query-to-Body Injection](./advanced#query-to-body-injection) +> - [URL Templates](../configuration/message-template) +> - [URL-to-Body Injection](./advanced#url-to-body-injection) > - [Placeholders](./advanced#placeholders) | Scope | Example | Note | diff --git a/docs/usage/index.md b/docs/usage/index.md index bb67b37d..8401ec25 100644 --- a/docs/usage/index.md +++ b/docs/usage/index.md @@ -28,8 +28,8 @@ This will send `Hello, World!` to `` from ``. | :---------- | :--------------------------------------------------------- | | Bearer Auth | Add `Authorization: Bearer API_TOKEN` to headers | | Basic Auth | Add `Authorization: Basic BASE64_STRING` (`api:API_TOKEN`) | -| Query Auth | Append `@authorization=API_TOKEN` to request URL | -| Path Auth | Prepend request path with `/auth=API_TOKEN/` | +| Query Auth | Append `@auth=API_TOKEN` to request URL | +| Path Auth | Prepend request path with `/@auth=API_TOKEN/` | | Body Auth | Set `auth` to `API_TOKEN` in the request body | > [!WARNING]