From 395ebbe9f8a2c6454b3d8e64f0c663358502a2a4 Mon Sep 17 00:00:00 2001
From: Flummi <flummi@srv.fail>
Date: Sat, 10 Sep 2016 18:26:03 +0200
Subject: [PATCH] added token

---
 src/websrv.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/websrv.js b/src/websrv.js
index f6c2b8f..848e8e0 100644
--- a/src/websrv.js
+++ b/src/websrv.js
@@ -23,7 +23,7 @@ function Websrv(tbot, tsql, tlib) {
       if(filePath == './')
         filePath = './index.html';
       if(req.method == 'POST') {
-        if(filePath == './git') {
+        if(filePath == './git' && req.headers['x-gitlab-token'] == cfg.gittoken) {
           var body = '';
           req.on('data', (data) => {
             body += data;
@@ -40,6 +40,9 @@ function Websrv(tbot, tsql, tlib) {
           res.writeHead(200, { 'Content-Type': 'text/html' });
           res.end('muh', 'utf-8');
         }
+        else {
+          res.writeHead(403);
+        }
       }
       else {
         var extname = String(path.extname(filePath)).toLowerCase();