feat: added incoming requests verification (#143)

Author: alexhook

app/api/endpoints/botx.py

@@ -9,8 +9,10 @@
     BotXMethodCallbackNotFoundError,
     UnknownBotAccountError,
     UnsupportedBotAPIVersionError,
+    UnverifiedRequestError,
     build_bot_disabled_response,
     build_command_accepted_response,
+    build_unverified_request_response,
 )
 from pybotx.constants import BOT_API_VERSION
 
@@ -25,8 +27,11 @@
 async def command_handler(request: Request, bot: Bot = bot_dependency) -> JSONResponse:
     """Receive commands from users. Max timeout - 5 seconds."""
 
-    try:
-        bot.async_execute_raw_bot_command(await request.json())
+    try:  # noqa: WPS225
+        bot.async_execute_raw_bot_command(
+            await request.json(),
+            request_headers=request.headers,
+        )
     except ValueError:
         error_label = "Bot command validation error"
 
@@ -58,6 +63,14 @@ async def command_handler(request: Request, bot: Bot = bot_dependency) -> JSONRe
             build_bot_disabled_response(error_label),
             status_code=HTTPStatus.SERVICE_UNAVAILABLE,
         )
+    except UnverifiedRequestError as exc:
+        logger.warning(f"UnverifiedRequestError: {exc.args[0]}")
+        return JSONResponse(
+            content=build_unverified_request_response(
+                status_message=exc.args[0],
+            ),
+            status_code=HTTPStatus.UNAUTHORIZED,
+        )
 
     return JSONResponse(
         build_command_accepted_response(), status_code=HTTPStatus.ACCEPTED
@@ -69,7 +82,10 @@ async def status_handler(request: Request, bot: Bot = bot_dependency) -> JSONRes
     """Show bot status and commands list."""
 
     try:
-        status = await bot.raw_get_status(dict(request.query_params))
+        status = await bot.raw_get_status(
+            dict(request.query_params),
+            request_headers=request.headers,
+        )
     except UnknownBotAccountError as exc:
         error_label = f"Unknown bot_id: {exc.bot_id}"
         logger.warning(exc)
@@ -83,6 +99,14 @@ async def status_handler(request: Request, bot: Bot = bot_dependency) -> JSONRes
         return JSONResponse(
             build_bot_disabled_response(error_label), status_code=HTTPStatus.BAD_REQUEST
         )
+    except UnverifiedRequestError as exc:
+        logger.warning(f"UnverifiedRequestError: {exc.args[0]}")
+        return JSONResponse(
+            content=build_unverified_request_response(
+                status_message=exc.args[0],
+            ),
+            status_code=HTTPStatus.UNAUTHORIZED,
+        )
 
     return JSONResponse(status)
 
@@ -92,7 +116,10 @@ async def callback_handler(request: Request, bot: Bot = bot_dependency) -> JSONR
     """Process BotX methods callbacks."""
 
     try:
-        await bot.set_raw_botx_method_result(await request.json())
+        await bot.set_raw_botx_method_result(
+            await request.json(),
+            verify_request=False,
+        )
     except BotXMethodCallbackNotFoundError as exc:
         error_label = f"Unexpected callback with sync_id: {exc.sync_id}"
         logger.warning(error_label)