From: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Date: Wed, 9 Jun 2021 07:33:43 +0000 (+0200)
Subject: fix: webservice dispatch syntax check
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=09849eb8adb566b2f17a7ee533cc4a10ac379fe7;p=user%2Fhenk%2Fcode%2Fruby%2Frbot.git

fix: webservice dispatch syntax check

Early bailout if the command field is not specified in the POST request.

(Not doing this actually leads to an exception in the subsequent debug
because command is an Array and it can't be added to a String,
but ayway the early catch is cleaner error handling.)

Also add a TODO about a potential improvement for permission error handling.
---

diff --git a/lib/rbot/core/webservice.rb b/lib/rbot/core/webservice.rb
index 112ec85e..6f90c574 100644
--- a/lib/rbot/core/webservice.rb
+++ b/lib/rbot/core/webservice.rb
@@ -531,6 +531,11 @@ class WebServiceModule < CoreBotModule
     end
 
     command = m.post['command']
+    if command.empty?
+      m.send_plaintext('wrong syntax', 400)
+      return
+    end
+
     if not m.source
       botuser = Auth::defaultbotuser
     else
@@ -544,6 +549,8 @@ class WebServiceModule < CoreBotModule
     message = Irc::PrivMessage.new(@bot, nil, user, @bot.myself, command)
 
     res = @bot.plugins.irc_delegate('privmsg', message)
+    # TODO if delegation failed due to wrong auth, it should be reported
+    # as an error, not 200 OK
 
     if m.req['Accept'] == 'application/json'
       { :reply => user.response }