const util = require('../../util');
// Strip the request, sanitize inputs, rebuild
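// Bitcoin txids and block hashes are 32-byte hashes rendered as 64 hex chars.
const HEX_64 = /^[0-9a-fA-F]{64}$/;
const DECIMAL_DIGITS = /^\d+$/;

/**
 * A field counts as supplied when it is neither absent nor the empty string.
 * Unlike a bare truthiness test this means 0 and false are validated instead
 * of being silently dropped (height 0 is the genesis block and must survive).
 */
function isSupplied(value) {
  return value !== undefined && value !== null && value !== '';
}

/**
 * Parse a non-negative integer that may arrive as a JSON number (body) or as
 * a decimal string. Express always delivers route params and query values as
 * strings, so a `typeof === 'number'` check on them can never pass — the old
 * code rejected every height / pageNum it was given.
 *
 * @param {*} value raw request value
 * @returns {number|null} the integer, or null for anything else (negatives,
 *   fractions, signs, whitespace, arrays, values above MAX_SAFE_INTEGER).
 */
function toNonNegativeInt(value) {
  if (typeof value === 'number') {
    return Number.isSafeInteger(value) && value >= 0 ? value : null;
  }
  if (typeof value === 'string' && DECIMAL_DIGITS.test(value)) {
    const parsed = Number.parseInt(value, 10);
    return Number.isSafeInteger(parsed) ? parsed : null;
  }
  return null;
}

/**
 * Copy a free-form string field from `source` into `clean`.
 * Arrays/objects (which the extended query parser can produce from
 * `?k[]=v` or `?k[a]=v`) fail the string check and are rejected.
 *
 * @returns {string|null} the error message to send, or null when the field
 *   was absent or accepted.
 */
function takeString(source, clean, key, message) {
  const value = source[key];
  if (!isSupplied(value)) return null;
  if (typeof value !== 'string') return message;
  clean[key] = value;
  return null;
}

/**
 * Copy a Bitcoin address field, validated with util.isBitcoinAddress.
 * Shared by params.addr, body.address and query.address so all three
 * routes apply the same rule.
 *
 * @returns {string|null} error message, or null when absent or accepted.
 */
function takeAddress(source, clean, key) {
  const value = source[key];
  if (!isSupplied(value)) return null;
  if (typeof value !== 'string' || !util.isBitcoinAddress(value)) {
    return 'Invalid Bitcoin Address';
  }
  clean[key] = value;
  return null;
}

/**
 * Validate req.params and rebuild it with only the known keys.
 *
 * @param {object|null} params
 * @returns {{clean: object|null}|{error: string}}
 */
function sanitizeParams(params) {
  if (!params) return { clean: null };
  const clean = { txid: null, addr: null, blockHash: null, height: null };

  if (isSupplied(params.txid)) {
    if (typeof params.txid !== 'string' || !util.isTxid(params.txid)) {
      return { error: 'Invalid Transaction Id' };
    }
    clean.txid = params.txid;
  }

  // Previously only `typeof === 'string'`, which let any text reach the
  // handlers; use the same validator the body/query address fields use.
  const addrError = takeAddress(params, clean, 'addr');
  if (addrError) return { error: addrError };

  if (isSupplied(params.blockHash)) {
    if (typeof params.blockHash !== 'string' || !HEX_64.test(params.blockHash)) {
      return { error: 'Invalid Block Hash' };
    }
    clean.blockHash = params.blockHash;
  }

  if (isSupplied(params.height)) {
    const height = toNonNegativeInt(params.height);
    // The old message here said 'Invalid Block Hash', which was misleading.
    if (height === null) return { error: 'Invalid Block Height' };
    clean.height = height;
  }

  return { clean };
}

/**
 * Validate req.body and rebuild it with only the known keys.
 *
 * @param {object|null} body
 * @returns {{clean: object|null}|{error: string}}
 */
function sanitizeBody(body) {
  if (!body) return { clean: null };
  const clean = { signature: null, message: null, address: null };

  // `||` short-circuits on the first error, preserving check order.
  const error = takeString(body, clean, 'signature', 'Invalid Signature')
    || takeString(body, clean, 'message', 'Invalid Message')
    || takeAddress(body, clean, 'address');
  if (error) return { error };

  return { clean };
}

/**
 * Validate req.query and rebuild it with only the known keys.
 *
 * @param {object|null} query
 * @returns {{clean: object|null}|{error: string}}
 */
function sanitizeQuery(query) {
  if (!query) return { clean: null };
  const clean = {
    address: null,
    signature: null,
    message: null,
    q: null,
    pageNum: null,
    block: null,
    rawtx: null,
  };

  let error = takeAddress(query, clean, 'address')
    || takeString(query, clean, 'signature', 'Invalid Signature')
    || takeString(query, clean, 'message', 'Invalid Message')
    || takeString(query, clean, 'q', 'Invalid Q');
  if (error) return { error };

  if (isSupplied(query.pageNum)) {
    const pageNum = toNonNegativeInt(query.pageNum);
    if (pageNum === null) return { error: 'Invalid Page Number' };
    clean.pageNum = pageNum;
  }

  // `block` is documented upstream as an implicit hash but is only checked
  // to be a string here; `rawtx` likewise. NOTE(review): if rawtx must be
  // hex, tighten this to /^([0-9a-fA-F]{2})+$/ and consider a length cap —
  // confirm against the handler that consumes it.
  error = takeString(query, clean, 'block', 'Invalid Block')
    // The old message for rawtx wrongly said 'Invalid Bitcoin Address'.
    || takeString(query, clean, 'rawtx', 'Invalid Raw Transaction');
  if (error) return { error };

  return { clean };
}

/**
 * Express middleware: validate the request fields this API understands and
 * replace req.params / req.body / req.query with objects holding ONLY those
 * fields, so handlers never see unexpected keys or unchecked values
 * (a whitelist rebuild rather than in-place deletion).
 *
 * Sections are checked in the order params, body, query, and the first
 * invalid field ends the request with `404 { error }` — the status the rest
 * of the API already relies on, kept for compatibility although 400 would be
 * the conventional choice. A section missing from the request is replaced
 * by null, as before.
 *
 * @param {object} req Express request; params/body/query are rewritten.
 * @param {object} res Express response, used only to send the error.
 * @param {Function} next called when every supplied field is valid.
 * @returns {*} the result of next() or of res.send()
 */
function sanitize(req, res, next) {
  const results = {
    params: sanitizeParams(req.params || null),
    body: sanitizeBody(req.body || null),
    query: sanitizeQuery(req.query || null),
  };

  for (const section of ['params', 'body', 'query']) {
    const { error } = results[section];
    if (error) {
      return res.status(404).send({ error });
    }
  }

  // Strip off unexpected params: only the whitelisted keys survive.
  req.params = results.params.clean;
  req.body = results.body.clean;
  req.query = results.query.clean;

  return next();
}

module.exports = sanitize;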