
Security Dialogflow fulfillment


I wrote a simple HTTPS server for my Dialogflow bot. In my code I just trust the req object like this:

Express routing:

app.post('/', Route);

The function that Express calls:

function Route(req, res) {
    if (req.body.status.errorType !== "success") {
        return;
    }
    // do something really awesome here
}

I think it's not a good idea. I should check the origin of the request. What do you think? Maybe I should use a basic-auth module or something, but I have no idea how to ensure the req object has been processed by Dialogflow. How can I do that?


Solution

  • I found the answer to my own question. Dialogflow lets us define some authentication variables, explained at the top of this documentation page: https://dialogflow.com/docs/fulfillment

    So just explore req.headers.authorization; you will find an authentication variable as the HTTP protocol describes it: https://en.wikipedia.org/wiki/Basic_access_authentication

    (concat these three things:

    1. Your Dialogflow username
    2. The character ':'
    3. Your Dialogflow password

    and encode it in base64)

    Pretty awesome!
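One way to enforce the check described in the answer above, as an added example that is not part of the original post: an Express-style middleware that parses `req.headers.authorization` and compares the decoded username and password in constant time. The names `requireFulfillmentAuth`, `DF_USER` and `DF_PASS` are assumptions made for this example.

```javascript
const crypto = require("node:crypto");

// Hash both sides so timingSafeEqual always receives equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(a).digest();
  const hb = crypto.createHash("sha256").update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Parse "Basic <base64(user:pass)>"; returns null for anything malformed.
function parseBasicHeader(header) {
  if (typeof header !== "string") return null;
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // split on the first ':'; the password may contain more
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

function isAuthorized(header, expectedUser, expectedPass) {
  const creds = parseBasicHeader(header);
  if (!creds) return false;
  // Evaluate both comparisons before combining so neither short-circuits.
  const userOk = safeEqual(creds.user, expectedUser);
  const passOk = safeEqual(creds.pass, expectedPass);
  return userOk && passOk;
}

// Middleware factory (hypothetical name). Fails closed if credentials are unset.
function requireFulfillmentAuth(expectedUser, expectedPass) {
  if (!expectedUser || !expectedPass) {
    throw new Error("fulfillment credentials not configured");
  }
  return function (req, res, next) {
    if (isAuthorized(req.headers.authorization, expectedUser, expectedPass)) {
      return next();
    }
    res.set("WWW-Authenticate", 'Basic realm="fulfillment"');
    res.status(401).end();
  };
}

// Wiring it in front of the handler from the question (env names are assumptions):
// app.post('/', requireFulfillmentAuth(process.env.DF_USER, process.env.DF_PASS), Route);
```

Basic credentials are only base64-encoded, not encrypted, so this check relies on the webhook being served over HTTPS as in the question.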