From 02e0f958e784b6a8558907059a9aa8bd91f0fbc1 Mon Sep 17 00:00:00 2001
From: Ori Kotek
Date: Thu, 31 Aug 2023 14:56:45 +0300
Subject: [PATCH] Add Gitlab webhook secret
---
 pr_agent/servers/gitlab_webhook.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pr_agent/servers/gitlab_webhook.py b/pr_agent/servers/gitlab_webhook.py
index c9b623f7..6e48054f 100644
--- a/pr_agent/servers/gitlab_webhook.py
+++ b/pr_agent/servers/gitlab_webhook.py
@@ -15,6 +15,10 @@ router = APIRouter()
 @router.post("/webhook")
 async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request):
+ if get_settings().get("GITLAB.SHARED_SECRET"):
+ secret = get_settings().get("GITLAB.SHARED_SECRET")
+ if not request.headers.get("X-Gitlab-Token") == secret:
+ return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))
 data = await request.json()
 if data.get('object_kind') == 'merge_request' and data['object_attributes'].get('action') in ['open', 'reopen']:
 logging.info(f"A merge request has been opened: {data['object_attributes'].get('title')}")
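Review bot: The token check on the added line `if not request.headers.get("X-Gitlab-Token") == secret:` uses a plain `==`, which is not a constant-time comparison, so response timing can vary with how much of the supplied value matches. I would read the header once with `token = request.headers.get("X-Gitlab-Token", "")` and compare with `if not hmac.compare_digest(token.encode(), str(secret).encode()):` (needs `import hmac` at the top of the file; comparing bytes avoids a TypeError when the header carries non-ASCII characters). The check is also opt-in: when `GITLAB.SHARED_SECRET` is unset the endpoint still accepts any caller, so a startup warning or a note in the deployment docs that the secret should be set on any reachable instance would help. The diffstat shows only these four insertions, so please confirm `status`, `JSONResponse` and `jsonable_encoder` are already imported in this module; the body of `gitlab_webhook` continues past the end of the hunk.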