From 7ca3866a865ee8e654bbabaaed22c0ad97a7d39d Mon Sep 17 00:00:00 2001
From: GrĂ©goire DuchĂȘne
Date: Sun, 4 Apr 2021 21:29:15 +0100
Subject: Return 403 if request signatures do not match

---
 pkg/twilio/filter.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'pkg/twilio/filter.go')

diff --git a/pkg/twilio/filter.go b/pkg/twilio/filter.go
index 7d5f6b5..90e84cc 100644
--- a/pkg/twilio/filter.go
+++ b/pkg/twilio/filter.go
@@ -67,7 +67,11 @@ func (th *Filter) CheckRequestSignature(r *http.Request) error {
 func (th *Filter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if err := th.CheckRequestSignature(r); err != nil {
 log.Println("Failed to check Twilio signature:", err)
- w.WriteHeader(http.StatusBadRequest)
+ if err == ErrSignatureMismatch {
+ w.WriteHeader(http.StatusForbidden)
+ } else {
+ w.WriteHeader(http.StatusBadRequest)
+ }
 return
 }
 th.Handler.ServeHTTP(w, r)
-- 
cgit v1.2.3-70-g09d2
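Review bot: The new branch in ServeHTTP tests `err == ErrSignatureMismatch`, which stops matching as soon as CheckRequestSignature returns the sentinel wrapped (for example through `fmt.Errorf` with `%w`), so a mismatched signature would silently go back to being reported as 400; `if errors.Is(err, ErrSignatureMismatch) {` keeps the 403 path stable, provided `errors` is imported (the import block is outside this hunk). Both branches still return before `th.Handler.ServeHTTP(w, r)`, so the request is rejected either way and only the status code is at stake. Whether CheckRequestSignature compares the computed and received signatures in constant time (e.g. `hmac.Equal`) cannot be seen here because its body lies outside the hunk, and it is worth confirming alongside this change. ServeHTTP's closing brace is also outside the hunk.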