package httpapi import "net/http" // receiveSecurityEvent accepts an RFC 8417 Security Event Token over RFC 8935 Push. // // @Summary Receive an SSF Security Event Token // @Description Optional endpoint. It validates a stream-specific Bearer before parsing and verifying an ES256 SET. A committed event and a duplicate jti both return an empty 202 response. // @Tags Security Events // @Accept application/secevent+jwt // @Produce json // @Param Authorization header string true "Bearer stream-specific-secret" // @Param set body string true "Compact signed Security Event Token" // @Success 202 // @Failure 400 {object} map[string]string // @Failure 401 {object} map[string]string // @Failure 403 {object} map[string]string // @Failure 503 {object} map[string]string // @Router /api/v1/security-events/ssf [post] func (s *Server) receiveSecurityEvent(w http.ResponseWriter, r *http.Request) { receiver := s.securityEventReceiver if s.identityRuntime != nil { receiver = s.identityRuntime.SecurityEventReceiver() } if receiver == nil { http.NotFound(w, r) return } receiver.ServeHTTP(w, r) }