Add Gitlab webhook secret

2025-07-02 11:50:37 +08:00 · 2023-08-31 14:56:45 +03:00
parent 244cbbd27f
commit 02e0f958e7
1 changed files with 4 additions and 0 deletions
--- a/pr_agent/servers/gitlab_webhook.py
+++ b/pr_agent/servers/gitlab_webhook.py
@ -15,6 +15,10 @@ router = APIRouter()

@router.post("/webhook")
 async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request):
+    if get_settings().get("GITLAB.SHARED_SECRET"):
+        secret = get_settings().get("GITLAB.SHARED_SECRET")
+        if not request.headers.get("X-Gitlab-Token") == secret:
+            return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))
    data = await request.json()
    if data.get('object_kind') == 'merge_request' and data['object_attributes'].get('action') in ['open', 'reopen']:
        logging.info(f"A merge request has been opened: {data['object_attributes'].get('title')}")