From 6f316c09b04b8acfc58a2d6dca9d54cfafdd32e1 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Mon, 2 Dec 2019 22:40:24 +0100
Subject: [PATCH] Check for GitLab token

---
 config.sample.yml | 1 +
 gl-rt-bridge.rb   | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/config.sample.yml b/config.sample.yml
index a7b68e3..14ee27c 100644
--- a/config.sample.yml
+++ b/config.sample.yml
@@ -1,5 +1,6 @@
 ---
 issue_tag: RT
+token:
 rt:
   server: https://rt.example.org/
   user: gl-bridge
diff --git a/gl-rt-bridge.rb b/gl-rt-bridge.rb
index 3141a40..a999e97 100755
--- a/gl-rt-bridge.rb
+++ b/gl-rt-bridge.rb
@@ -16,6 +16,9 @@ rt = RT_Client.new(server: settings.rt[:server],
                    cookies: settings.rt[:cookies])
 
 post '/' do # rubocop:disable Metrics/BlockLength
+  if not settings.token.nil?
+    halt 403 unless request.env['HTTP_X_GITLAB_TOKEN'] == settings.token
+  end
   gitlab_event = request.env['HTTP_X_GITLAB_EVENT']
   case gitlab_event
   when 'Push Hook'
-- 
GitLab