From 46b4efec562359fa581226b4efb05bb6c978e2ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?rich=CE=9Brd?= <info@richardramos.me>
Date: Mon, 15 Apr 2024 09:36:18 -0400
Subject: [PATCH] fix: validate lightpush requests (#1082)

---
 cmd/waku/server/rest/lightpush_rest.go       | 14 ++++++++++++++
 waku/v2/protocol/lightpush/waku_lightpush.go |  7 +++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/cmd/waku/server/rest/lightpush_rest.go b/cmd/waku/server/rest/lightpush_rest.go
index 87b3729d..5113271a 100644
--- a/cmd/waku/server/rest/lightpush_rest.go
+++ b/cmd/waku/server/rest/lightpush_rest.go
@@ -33,6 +33,7 @@ func (msg lightpushRequest) Check() error {
 	if msg.Message == nil {
 		return errors.New("waku message is required")
 	}
+
 	return nil
 }
 
@@ -66,6 +67,19 @@ func (serv *LightpushService) postMessagev1(w http.ResponseWriter, req *http.Req
 	message, err := request.Message.ToProto()
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
+		_, err = w.Write([]byte(err.Error()))
+		if err != nil {
+			serv.log.Error("writing response", zap.Error(err))
+		}
+		return
+	}
+
+	if err = message.Validate(); err != nil {
+		w.WriteHeader(http.StatusServiceUnavailable)
+		_, err = w.Write([]byte(err.Error()))
+		if err != nil {
+			serv.log.Error("writing response", zap.Error(err))
+		}
 		return
 	}
 
diff --git a/waku/v2/protocol/lightpush/waku_lightpush.go b/waku/v2/protocol/lightpush/waku_lightpush.go
index fafc27f5..00a2ca8a 100644
--- a/waku/v2/protocol/lightpush/waku_lightpush.go
+++ b/waku/v2/protocol/lightpush/waku_lightpush.go
@@ -126,7 +126,7 @@ func (wakuLP *WakuLightPush) onRequest(ctx context.Context) func(network.Stream)
 
 		responsePushRPC.RequestId = requestPushRPC.RequestId
 		if err := requestPushRPC.ValidateRequest(); err != nil {
-			responseMsg := err.Error()
+			responseMsg := "invalid request: " + err.Error()
 			responsePushRPC.Response.Info = &responseMsg
 			wakuLP.metrics.RecordError(requestBodyFailure)
 			wakuLP.reply(stream, responsePushRPC, logger)
@@ -204,6 +204,9 @@ func (wakuLP *WakuLightPush) request(ctx context.Context, req *pb.PushRequest, p
 		return nil, err
 	}
 	pushRequestRPC := &pb.PushRpc{RequestId: hex.EncodeToString(params.requestID), Request: req}
+	if err = pushRequestRPC.ValidateRequest(); err != nil {
+		return nil, err
+	}
 
 	writer := pbio.NewDelimitedWriter(stream)
 	reader := pbio.NewDelimitedReader(stream, math.MaxInt32)
@@ -233,7 +236,7 @@ func (wakuLP *WakuLightPush) request(ctx context.Context, req *pb.PushRequest, p
 
 	if err = pushResponseRPC.ValidateResponse(pushRequestRPC.RequestId); err != nil {
 		wakuLP.metrics.RecordError(responseBodyFailure)
-		return nil, err
+		return nil, fmt.Errorf("invalid response: %w", err)
 	}
 
 	return pushResponseRPC.Response, nil