Separate POST and GET auth

Backwards-incompatible change: setting either of these to `false` means that all POST or GET requests are denied. (In practice, supporting unauthenticated requests were a bad idea anyway.)

1 files changed, 4 insertions, 2 deletions

diff --git a/config.example.toml b/config.example.toml
index 709e550..c46b616 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -22,8 +22,10 @@
 		# The webpath must start with a slash.
 		#webpath = '/spam'
 		#ircchannel = '#spam'
-		# auth can be either 'user:pass' for basic authentication or false to disable auth
-		#auth = false
+		# postauth and getauth can be either 'user:pass' for basic authentication or false to disable POST/GET access on this endpoint
+		# For backwards compatibility, auth is treated as an alias of postauth.
+		#postauth = false
+		#getauth = false
 		# module is the path to a Python source file that handles the message transformation. It must contain a coroutine function 'process' that takes one argument, the aiohttp.web.Request object, and returns the message string to be sent to IRC, which must not contain any linebreaks (CR or LF). It may raise an aiohttp.web.HTTPException to stop processing; any other exception will also cause the processing to be stopped and a '400 Bad Request' response to be returned to the client. The empty default value (None) causes the default processor to be used, which expects a straight message in the request body (with an optional trailing CR+LF or LF) and performs no transformations other than encoding the message as UTF-8.
 		#module =
 		# moduleargs are additional arguments to be passed into the module's process function after the request object. Example use: Gitea webhook secret key