Harden hook

Kristian Polso 2018-05-23 17:25:16 +03:00
parent aedba893c6
commit 4846d8ebe6


@ -29,13 +29,26 @@ app.use(sslRedirect(['other','development', 'staging', 'production']));
app.get('/forward', function(req, res) { app.get('/forward', function(req, res) {
var allowedMethods = ["wallet_send", "resolve", "publish"];
if(typeof req.query.method != "undefined") { if(typeof req.query.method != "undefined") {
if(allowedMethods.includes(req.query.method)) {
// We should whitelist the query parameters here // We should whitelist the query parameters here
// Hardcode the wallet_send amount to be 0.01 always
if(req.query.method == "wallet_send") { if(req.query.method == "wallet_send") {
// Hardcode the wallet_send amount to be always 0.01 always
req.query.amount = 0.01; req.query.amount = 0.01;
// Whitelist claim ids
var allowedClaims = ["fbdcd44a97810522d23d5f1335b8ca04be9d776c", "de7f7fa33e8d879b2bae7238d2bdf827a39f9301", "5b7c7a202201033d99e1be2930d290c127c0f4fe", "a1372cf5523885f5923237bfe522f02f5f054362"];
if(!allowedClaims.includes(req.query.claim_id)) {
res.json({});
}
} }
request({ request({
@ -45,7 +58,9 @@ app.get('/forward', function(req, res) {
// Should we parse the body before forwarding? // Should we parse the body before forwarding?
res.setHeader('Content-Type', 'application/json'); res.setHeader('Content-Type', 'application/json');
res.send(body); res.send(body);
}) });
}
} }
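Review bot: The claim-id whitelist added in the `wallet_send` branch of the first hunk does not stop processing, because `res.json({})` is not followed by a `return`. Control falls through to the `request({` call just below, so a `wallet_send` with a non-whitelisted `claim_id` still appears to be forwarded, and the later `res.send(body)` then runs on a response that has already been sent. Change the line to `return res.json({});`, preferably with a non-200 status so the rejection is visible in logs. As far as the visible lines show, a `method` that is missing or not in `allowedMethods` gets no response at all; an explicit `else { return res.status(400).json({}); }` would close that path. The body of the `request({` call lies between the two hunks and is not visible here, so whether the remaining query parameters are filtered before forwarding should be checked against the existing "whitelist the query parameters" comment.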