Mise à jour du système de whitelist, sécurité et logging
This commit is contained in:
parent
d82f704c75
commit
1e384032be
7 changed files with 199 additions and 145 deletions
|
|
@ -9,10 +9,12 @@ import os
|
|||
import asyncio
|
||||
|
||||
kuby_logger = logging.getLogger("KubyBot")
|
||||
REPORTS_FILE = "data/gitlab_reports.json"
|
||||
# Utilisation de chemins absolus pour la persistance après reboot
|
||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
REPORTS_FILE = os.path.join(BASE_DIR, "data", "gitlab_reports.json")
|
||||
|
||||
def save_report(issue_iid, user_id):
|
||||
os.makedirs("data", exist_ok=True)
|
||||
os.makedirs(os.path.dirname(REPORTS_FILE), exist_ok=True)
|
||||
try:
|
||||
if os.path.exists(REPORTS_FILE):
|
||||
with open(REPORTS_FILE, "r") as f:
|
||||
|
|
@ -152,7 +154,23 @@ class BugReport(commands.Cog):
|
|||
self.bot.loop.create_task(cleanup())
|
||||
|
||||
async def handle_bot_event(self, request):
|
||||
# Vérification de la sécurité (Secret Token GitLab)
|
||||
webhook_secret = os.getenv("GITLAB_WEBHOOK_SECRET")
|
||||
if webhook_secret:
|
||||
provided_token = request.headers.get("X-Gitlab-Token")
|
||||
if provided_token != webhook_secret:
|
||||
kuby_logger.warning("Unauthorised webhook attempt detected (invalid X-Gitlab-Token).")
|
||||
return web.json_response({"status": "unauthorised"}, status=401)
|
||||
|
||||
try:
|
||||
# On attend que le bot soit prêt si on vient de rebooter
|
||||
if not self.bot.is_ready():
|
||||
kuby_logger.info("Webhook received but bot is not ready yet. Waiting up to 10s...")
|
||||
try:
|
||||
await asyncio.wait_for(self.bot.wait_until_ready(), timeout=10.0)
|
||||
except asyncio.TimeoutError:
|
||||
kuby_logger.warning("Bot still not ready after 10s. Proceeding anyway (best effort).")
|
||||
|
||||
payload = await request.json()
|
||||
|
||||
event_type = payload.get("object_kind")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue