Harden hook
parent
aedba893c6
commit
4846d8ebe6
1 changed files with 28 additions and 13 deletions
19
server.js
19
server.js
|
@ -29,13 +29,26 @@ app.use(sslRedirect(['other','development', 'staging', 'production']));
|
|||
|
||||
app.get('/forward', function(req, res) {
|
||||
|
||||
var allowedMethods = ["wallet_send", "resolve", "publish"];
|
||||
|
||||
if(typeof req.query.method != "undefined") {
|
||||
|
||||
if(allowedMethods.includes(req.query.method)) {
|
||||
|
||||
// We should whitelist the query parameters here
|
||||
|
||||
// Hardcode the wallet_send amount to be 0.01 always
|
||||
if(req.query.method == "wallet_send") {
|
||||
|
||||
// Hardcode the wallet_send amount to be always 0.01 always
|
||||
req.query.amount = 0.01;
|
||||
|
||||
// Whitelist claim ids
|
||||
var allowedClaims = ["fbdcd44a97810522d23d5f1335b8ca04be9d776c", "de7f7fa33e8d879b2bae7238d2bdf827a39f9301", "5b7c7a202201033d99e1be2930d290c127c0f4fe", "a1372cf5523885f5923237bfe522f02f5f054362"];
|
||||
|
||||
if(!allowedClaims.includes(req.query.claim_id)) {
|
||||
res.json({});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
request({
|
||||
|
@ -45,7 +58,9 @@ app.get('/forward', function(req, res) {
|
|||
// Should we parse the body before forwarding?
|
||||
res.setHeader('Content-Type', 'application/json');
|
||||
res.send(body);
|
||||
})
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
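Review bot: The claim-id check in the `wallet_send` branch answers with `res.json({});` but does not return, so for a claim id outside `allowedClaims` execution still falls through to the `request({` call below and the send is forwarded anyway; the later `res.setHeader`/`res.send(body)` would then run on a response that has already been sent. Change the line to `return res.json({});` (or move the forward into an `else`) so a rejected claim id actually stops the handler. The closing braces at the end of the second hunk show no `else` for a missing or disallowed `method`, so those requests appear to receive no response at all; an explicit `return res.status(400).json({});` there would make the rejection visible to callers and to logs. The options passed to `request` sit between the two hunks and are not shown, so whether the remaining query parameters are filtered before forwarding (the existing "whitelist the query parameters" comment) cannot be confirmed from this page.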