APIHandler.js: further cleanup

- removed possible issue with failing to sanitize `padName` if `padId` was also
  supplied
- removed unnecessary `try` block
- simplified API and function name matching tests
pull/3559/head
Ray Bellis 2019-01-30 10:41:10 +00:00
parent 982d4f380a
commit 58d0e6cea4
1 changed files with 15 additions and 33 deletions


@ -19,7 +19,6 @@
*/ */
var absolutePaths = require('../utils/AbsolutePaths'); var absolutePaths = require('../utils/AbsolutePaths');
var ERR = require("async-stacktrace");
var fs = require("fs"); var fs = require("fs");
var api = require("../db/API"); var api = require("../db/API");
var log4js = require('log4js'); var log4js = require('log4js');
@ -152,35 +151,16 @@ exports.version = version;
*/ */
exports.handle = async function(apiVersion, functionName, fields, req, res) exports.handle = async function(apiVersion, functionName, fields, req, res)
{ {
//check if this is a valid apiversion
var isKnownApiVersion = false;
for (var knownApiVersion in version) {
if (knownApiVersion == apiVersion) {
isKnownApiVersion = true;
break;
}
}
// say goodbye if this is an unknown API version // say goodbye if this is an unknown API version
if (!isKnownApiVersion) { if (!(apiVersion in version)) {
res.statusCode = 404; res.statusCode = 404;
res.send({code: 3, message: "no such api version", data: null}); res.send({code: 3, message: "no such api version", data: null});
return; return;
} }
// check if this is a valid function name
var isKnownFunctionname = false;
for (var knownFunctionname in version[apiVersion]) {
if (knownFunctionname == functionName) {
isKnownFunctionname = true;
break;
}
}
// say goodbye if this is an unknown function // say goodbye if this is an unknown function
if (!isKnownFunctionname) { if (!(functionName in version[apiVersion])) {
// no status code?!
res.send({code: 3, message: "no such function", data: null}); res.send({code: 3, message: "no such function", data: null});
return; return;
} }
@ -194,17 +174,19 @@ exports.handle = async function(apiVersion, functionName, fields, req, res)
return; return;
} }
try { // sanitize any padIDs before continuing
// sanitize any padIDs before continuing if (fields["padID"]) {
if (fields["padID"]) { fields["padID"] = await padManager.sanitizePadId(fields["padID"]);
fields["padID"] = await padManager.sanitizePadId(fields["padID"]);
} else if (fields["padName"]) {
fields["padName"] = await padManager.sanitizePadId(fields["padName"]);
}
await callAPI(apiVersion, functionName, fields, req, res);
} catch (e) {
ERR(e);
} }
// there was an 'else' here before - removed it to ensure
// that this sanitize step can't be circumvented by forcing
// the first branch to be taken
if (fields["padName"]) {
fields["padName"] = await padManager.sanitizePadId(fields["padName"]);
}
// no need to await - callAPI returns a promise
return callAPI(apiVersion, functionName, fields, req, res);
} }
// calls the api function // calls the api function
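Review bot: The new membership tests `apiVersion in version` and `functionName in version[apiVersion]` in the second hunk also match names inherited from `Object.prototype`, which the removed `for...in` loops did not, since those only visit enumerable keys. A request-supplied inherited name such as `toString` would therefore pass the version check instead of getting the 404 "no such api version" reply; what the rest of `exports.handle` does with it lies outside the hunk. An own-property test keeps the old strictness: `if (!Object.prototype.hasOwnProperty.call(version, apiVersion)) {` and `if (!Object.prototype.hasOwnProperty.call(version[apiVersion], functionName)) {`. Separately, the unknown-function branch still replies without setting `res.statusCode`, which the deleted `// no status code?!` comment had flagged.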