summaryrefslogtreecommitdiff
path: root/lib/rbot
diff options
context:
space:
mode:
authorGiuseppe Bilotta <giuseppe.bilotta@gmail.com>2021-06-09 09:33:43 +0200
committerMatthias Hecker <36882671+mattzque@users.noreply.github.com>2021-06-09 13:49:34 +0200
commit09849eb8adb566b2f17a7ee533cc4a10ac379fe7 (patch)
tree101831c8347866d594867ee1fbb02d17d00283be /lib/rbot
parent28502d92c420aefa3832e57561044efa06b9ab8b (diff)
fix: webservice dispatch syntax check
Early bailout if the command field is not specified in the POST request. (Not doing this actually leads to an exception in the subsequent debug because command is an Array and it can't be added to a String, but ayway the early catch is cleaner error handling.) Also add a TODO about a potential improvement for permission error handling.
Diffstat (limited to 'lib/rbot')
-rw-r--r--lib/rbot/core/webservice.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/rbot/core/webservice.rb b/lib/rbot/core/webservice.rb
index 112ec85e..6f90c574 100644
--- a/lib/rbot/core/webservice.rb
+++ b/lib/rbot/core/webservice.rb
@@ -531,6 +531,11 @@ class WebServiceModule < CoreBotModule
end
command = m.post['command']
+ if command.empty?
+ m.send_plaintext('wrong syntax', 400)
+ return
+ end
+
if not m.source
botuser = Auth::defaultbotuser
else
@@ -544,6 +549,8 @@ class WebServiceModule < CoreBotModule
message = Irc::PrivMessage.new(@bot, nil, user, @bot.myself, command)
res = @bot.plugins.irc_delegate('privmsg', message)
+ # TODO if delegation failed due to wrong auth, it should be reported
+ # as an error, not 200 OK
if m.req['Accept'] == 'application/json'
{ :reply => user.response }