0

I wrote a simple HTTPS server for my Dialogflow bot. In my code I just trust the req object like this:

Express routing:

app.post('/', Route);

The function that Express calls:

function Route(req, res) {
    if (req.body.status.errorType !== "success") {
        return ;
    }
    // do something really awesome here
}

I think it's not a good idea. I should check the origin of the request. What do you think? Maybe I should use a basic-auth module or something, but I have no idea how to ensure the req object has been processed by Dialogflow. How can I do that?

Ronan Boiteau
  • 9,608
  • 6
  • 34
  • 56
Oscar
  • 1,071
  • 13
  • 26

1 Answers1

3

I found the answer of my own question. Dialogflow let us define some authentication variable explained at the top of this documentation page: https://dialogflow.com/docs/fulfillment

so just explore the req.headers.authorization you will find an authentication variable as HTTP protocol describe it : https://en.wikipedia.org/wiki/Basic_access_authentication

(concat these three things:

  1. Your dialogflow username
  2. The character ':'
  3. Your dialogflow password

and encode it in base64)

Pretty awesome !

Oscar
  • 1,071
  • 13
  • 26