add request matching checks/errors

2025-12-06 20:21:36 +01:00 · 2019-10-06 11:50:08 +02:00
parent e40126f1ab
commit ac3f34e054
1 changed files with 13 additions and 0 deletions
--- a/webhook-listener.py
+++ b/webhook-listener.py
@@ -4,6 +4,9 @@ import argparse
 import json

 app = flask.Flask("webhook-listener")
+SECRET_TOKEN_HEADER = "X-Gitlab-Token"
+PROJECT_IDENTIFIER  = "web_url"
+config = {}

 ##### FRONTEND PATHS ########
@app.route('/', methods=["GET","POST"])
@@ -11,6 +14,16 @@ def rootPage():
    if flask.request.method == "GET":
        return "Webhook Listener ist running"
    else:
+        data = flask.request.json
+
+        # check request against configuration #
+        if data[PROJECT_IDENTIFIER] not in config:
+            return ("Rejected: project not identified in config", 400)
+        if SECRET_TOKEN_HEADER not in flask.request.headers:
+            return ("Rejected: secret token not found in request", 403)
+        if config[data[PROJECT_IDENTIFIER]] != flask.request.headers[SECRET_TOKEN_HEADER]:
+            return ("Rejected: secret token found but is mismatch", 403)
+
        print(json.dumps(flask.request.json))

 def readExecutionConfig():