Secure webhooks
LuaAuth provides a macro to securely send discord webhooks, you can use this to stop people from stealing your webhook and nuking your server with it
How to use it
syntax: la_send_webhook(url: string, data: json): json
url is the webhooks url
data is the webhook requests body
Return data:
{
success: true,
fail_reason: nil OR 'request failed' OR 'tampering detected',
}
just because it returned success does not mean its guaranteed to be sent.
the webhook might get rate limited, a serverside macro might fail or something else could go wrong
Example
la_send_webhook('https://discord.com/api/webhooks/example', {
embeds = {{
title = 'Embed title',
description = 'Webhook sent from LuaAuth',
}}
})
Verifying data
We provide a macro to verify webhook data
syntax: la_verify_input(data: string, regex: string)
data is the string to verify, this must be a string
regex is a JS regex
It is highly recommended that you use this to prevent users from changing inputs
If you dont use this users could change say there game.JobId to something like @everyone Join discord.gg/myserver and raid your server
The webhook wont send if the regex fails
Example
la_send_webhook('https://discord.com/api/webhooks/example', {
content = ''
embeds = {{
title = 'Embed title',
description = 'Job id is ' .. la_verify_input(game.JobId, '[0-9]{4,22}') .. '```'
}}
})
Server side variables
LuaAuth also provides server side variables for your webhooks
since there server sided the user cannot modify these values
syntax: "#VARIABLE_NAME#"
LA_DISCORD_ID - the users discord id or the string NULL
LA_USER_KEY - the users key or the string NULL
LA_EXECUTOR - the users executor
LA_NOTE - the users note or the string NULL
LA_SCRIPT - the scripts name
Example
la_send_webhook('https://discord.com/api/webhooks/example', {
content = ''
embeds = {{
title = 'A user ran the script #LA_SCRIPT#',
description = 'user key: ||#LA_USER_KEY#||'
}}
})