fix: webservice dispatch syntax check

Early bailout if the command field is not specified in the POST request. (Not doing this actually leads to an exception in the subsequent debug because command is an Array and it can't be added to a String, but ayway the early catch is cleaner error handling.) Also add a TODO about a potential improvement for permission error handling.
author: Giuseppe Bilotta <giuseppe.bilotta@gmail.com> 2021-06-09 09:33:43 +0200
committer: Matthias Hecker <36882671+mattzque@users.noreply.github.com> 2021-06-09 13:49:34 +0200
commit: 09849eb8adb566b2f17a7ee533cc4a10ac379fe7 (patch)
tree: 101831c8347866d594867ee1fbb02d17d00283be
parent: 28502d92c420aefa3832e57561044efa06b9ab8b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/rbot/core/webservice.rb b/lib/rbot/core/webservice.rb
index 112ec85e..6f90c574 100644
--- a/lib/rbot/core/webservice.rb
+++ b/lib/rbot/core/webservice.rb
@@ -531,6 +531,11 @@ class WebServiceModule < CoreBotModule
     end
 
     command = m.post['command']
+    if command.empty?
+      m.send_plaintext('wrong syntax', 400)
+      return
+    end
+
     if not m.source
       botuser = Auth::defaultbotuser
     else
@@ -544,6 +549,8 @@ class WebServiceModule < CoreBotModule
     message = Irc::PrivMessage.new(@bot, nil, user, @bot.myself, command)
 
     res = @bot.plugins.irc_delegate('privmsg', message)
+    # TODO if delegation failed due to wrong auth, it should be reported
+    # as an error, not 200 OK
 
     if m.req['Accept'] == 'application/json'
       { :reply => user.response }
author	Giuseppe Bilotta <giuseppe.bilotta@gmail.com>	2021-06-09 09:33:43 +0200
committer	Matthias Hecker <36882671+mattzque@users.noreply.github.com>	2021-06-09 13:49:34 +0200
commit	09849eb8adb566b2f17a7ee533cc4a10ac379fe7 (patch)
tree	101831c8347866d594867ee1fbb02d17d00283be
parent	28502d92c420aefa3832e57561044efa06b9ab8b (diff)