set user agent on async abuse protection handshake (#78)

Signed-off-by: Kent Rancourt <[email protected]>

internal/cloudevents/http/abuse_protection.go

@@ -1,11 +1,14 @@
 package http
 
 import (
+	"fmt"
 	"log"
 	"net/http"
+	"runtime"
 	"strconv"
 	"time"
 
+	"github.com/brigadecore/brigade-foundations/version"
 	cloudHTTP "github.com/cloudevents/sdk-go/v2/protocol/http"
 )
 
@@ -28,6 +31,7 @@ func ValidateEventSource(w http.ResponseWriter, r *http.Request) {
 	// Complete the handshake asynchronously if a callback URL was provided...
 	if callbackURL :=
 		r.Header.Get("WebHook-Request-Callback"); callbackURL != "" {
+		headers.Set("User-Agent", userAgentHeaderValue())
 		// The spec is somewhat vague here. It says we can send either GET or POST,
 		// but it doesn't explicitly state that the receiver (the event source we're
 		// validating) has to accept both. To cover our bases and ensure
@@ -76,3 +80,12 @@ func executeSourceValidationCallback(method, url string, headers http.Header) {
 		)
 	}
 }
+
+func userAgentHeaderValue() string {
+	return fmt.Sprintf("Go/%s (%s-%s) brigade-cloudevents-gateway/%s",
+		runtime.Version(),
+		runtime.GOARCH,
+		runtime.GOOS,
+		version.Version(),
+	)
+}

internal/cloudevents/http/abuse_protection_test.go

@@ -93,6 +93,14 @@ func TestValidateEventSource(t *testing.T) {
 				}
 				s.Server = httptest.NewServer(http.HandlerFunc(
 					func(w http.ResponseWriter, r *http.Request) {
+						require.Equal(t, "*", r.Header.Get("WebHook-Allowed-Origin"))
+						require.Equal(
+							t,
+							strconv.Itoa(cloudHTTP.DefaultAllowedRate),
+							r.Header.Get("WebHook-Allowed-Rate"),
+						)
+						require.Equal(t, http.MethodPost, r.Header.Get("Allow"))
+						require.Equal(t, userAgentHeaderValue(), r.Header.Get("User-Agent"))
 						switch r.Method {
 						case http.MethodGet:
 							// Indicate the GET callback was received