RanchiMall/flosight-api
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add util to other routes for input validation.

Browse Source
This commit is contained in:
tenthirtyone 2017-08-17 16:28:30 -04:00
parent 3f7ad54b2e
commit 898e373b77
3 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/lib/api/address.js
View File

@ -1,6 +1,7 @@
const logger = require('../logger'); const logger = require('../logger');
const request = require('request'); const request = require('request');
const config = require('../../config'); const config = require('../../config');
const util = require('../util');
const API_URL = `http://${config.bcoin_http}:${config.bcoin['http-port']}`; const API_URL = `http://${config.bcoin_http}:${config.bcoin['http-port']}`;
const TTL = config.api.request_ttl; const TTL = config.api.request_ttl;
@ -8,6 +9,13 @@ const TTL = config.api.request_ttl;
module.exports = function AddressAPI(router) { module.exports = function AddressAPI(router) {
router.get('/addr/:addr', (req, res) => { router.get('/addr/:addr', (req, res) => {
const addr = req.params.addr || ''; const addr = req.params.addr || '';
if (!util.isBitcoinAddress(addr)) {
return res.status(400).send({
error: 'Invalid bitcoin address',
});
}
logger.log('debug', logger.log('debug',
'Warning: Requesting data from Bcoin by address, may take some time'); 'Warning: Requesting data from Bcoin by address, may take some time');
// Get Bcoin data // Get Bcoin data

20
server/lib/api/block.js
View File

@ -1,11 +1,20 @@
const logger = require('../logger'); const logger = require('../logger');
const db = require('../db'); const db = require('../db');
const util = require('../util');
module.exports = function BlockAPI(router) { module.exports = function BlockAPI(router) {
router.get('/block/:blockHash', (req, res) => { router.get('/block/:blockHash', (req, res) => {
const blockHash = req.params.blockHash;
if (!util.isBlockHash(blockHash)) {
return res.status(400).send({
error: 'Invalid bitcoin address',
});
}
// Pass Mongo params, fields and limit to db api. // Pass Mongo params, fields and limit to db api.
db.blocks.getBlock( db.blocks.getBlock(
{ hash: req.params.blockHash }, { hash: blockHash },
{ rawBlock: 0 }, { rawBlock: 0 },
1, 1,
(err, block) => { (err, block) => {
@ -73,6 +82,13 @@ module.exports = function BlockAPI(router) {
router.get('/rawblock/:blockHash', (req, res) => { router.get('/rawblock/:blockHash', (req, res) => {
const blockHash = req.params.blockHash || ''; const blockHash = req.params.blockHash || '';
if (!util.isBlockHash(blockHash)) {
return res.status(400).send({
error: 'Invalid bitcoin address',
});
}
// Pass Mongo params, fields and limit to db api. // Pass Mongo params, fields and limit to db api.
db.blocks.getBlock( db.blocks.getBlock(
{ hash: blockHash }, { hash: blockHash },

9
server/lib/api/message.js
View File

@ -1,10 +1,17 @@
const Message = require('bitcore-message'); const Message = require('bitcore-message');
const util = require('../util');
// Copied from previous source // Copied from previous source
function verifyMessage(req, res) { function verifyMessage(req, res) {
const address = req.body.address || req.query.address; const address = req.body.address || req.query.address;
const signature = req.body.signature || req.query.signature; const signature = req.body.signature || req.query.signature;
const message = req.body.message || req.query.message; const message = req.body.message || req.query.message;
if (!util.isBitcoinAddress(address)) {
return res.status(400).send({
error: 'Invalid bitcoin address',
});
}
if (!address || !signature || !message) { if (!address || !signature || !message) {
res.json({ res.json({
message: 'Missing parameters (expected "address", "signature" and "message")', message: 'Missing parameters (expected "address", "signature" and "message")',