check the headers and query parameters

check for the folling headers: * `X-Gitlab-Token`` * `Content-Type` check for the following query parameterts: * `room`

check the headers and query parameters
86205609 · Lorenz Steinert · cac3cb74 · 86205609
Unverified Commit 86205609 authored 5 years ago by Lorenz Steinert
--- a/gitlab/__init__.py
+++ b/gitlab/__init__.py
@@ -22,17 +22,50 @@ class Gitlab(Plugin):
    routes = web.RouteTableDef()
    async def process_hook(self, request: web.Request) -> None:
+        if not request.has_body():
+            await self.client.send_text(request.query['room'],
+                                        "Webhook doesn't have a Body.")
        self.log.debug(str(request))
        self.log.debug(str(request.query['room']))
        await self.client.send_text(request.query['room'], str(request))
    async def post_handler(self, request: web.Request) -> web.Response:
-        if not request.headers['X-Gitlab-Token'] == self.config['secret']:
+        # check the authorisation of the request
-            return web.Response(status=403)
+        if 'X-Gitlab-Token' not in request.headers \
+                or not request.headers['X-Gitlab-Token'] == self.config['secret']:
+            resp_text = '403 FORBIDDEN'
+            return web.Response(text=resp_text,
+                                status=403
+                                )
+        # check if a roomid was specified
+        if 'room' not in request.query:
+            resp_text = 'No room specified. ' \
+                        'Use example.com' + self.config['path'] + \
+                        '?room=!<roomid>.'
+            return web.Response(text=resp_text,
+                                status=400
+                                )
+        # check if the bot is in the specified room
+        # TODO: make joined_rooms a clas property which is updated on startup and room join/leave
+        joined_rooms = await self.client.get_joined_rooms()
+        if request.query['room'] not in joined_rooms:
+            resp_text = 'The Bot is not in the room.'
+            return web.Response(text=resp_text,
+                                status=403
+                                )
+        # check if we can read the content of the request
+        if 'Content-Type' not in request.headers \
+                or not request.headers['Content-Type'] == 'application/json':
+            self.log.debug(request.headers['Content-Type'])
+            return web.Response(status=406,
+                                headers={'Content-Type': 'application/json'}
+                                )
        self.task_list.append(asyncio.create_task(self.process_hook(request)))
-        return web.Response()
+        return web.Response(status=202)
    async def start(self) -> None:
        self.config.load_and_update()