Guard against invalid QR code requests

2017-02-19 11:01:02 +02:00 · 2017-02-19 11:01:02 +02:00 · 416178cf0a
parent d503c84928
commit 416178cf0a
1 changed files with 24 additions and 22 deletions
--- a/src/clj/commiteth/routes/qrcodes.clj
+++ b/src/clj/commiteth/routes/qrcodes.clj
@ -29,27 +29,29 @@
                       (generate-html address balance issue-url) width height)]
    (combine-images qr-code-image comment-image)))
 (defapi qr-routes
  (context "/qr" []
-           ;; user may be an organization here
+           (GET "/:owner/:repo/bounty/:issue{[0-9]{1,9}}/:hash/qr.png" [owner repo issue hash]
-           (GET "/:user/:repo/bounty/:issue{[0-9]{1,9}}/:hash/qr.png" [user repo issue hash]
+                (log/debug "qr PNG GET" owner repo issue hash (bounties/get-bounty-address owner
-                (log/debug "qr PNG GET" user repo issue hash)
+                                                        repo
-                (let [{address      :contract_address
+                                                        (Integer/parseInt issue)))
-                       login        :login
+                (when-let [{address      :contract_address
-                       repo         :repo
+                            login        :login
-                       issue-number :issue_number}
+                            repo         :repo
-                      (bounties/get-bounty-address user
+                            issue-number :issue_number}
-                                                   repo
+                           (bounties/get-bounty-address owner
-                                                   (Integer/parseInt issue))
+                                                        repo
-                      balance (eth/get-balance-eth address 8)]
+                                                        (Integer/parseInt issue))]
-                  (log/debug "address:" address "balance:" balance)
+                  (when address
-
+                    (let [balance (eth/get-balance-eth address 8)]
-                  (if (and address
+                      (log/debug "address:" address "balance:" balance)
-                           (= hash (github/github-comment-hash user repo issue)))
+                      (if (and address
-                    (let [issue-url (str login "/" repo "/issues/" issue-number)
+                               (= hash (github/github-comment-hash owner repo issue)))
-                          image-url (generate-image address balance issue-url 768 256)
+                        (let [issue-url (str login "/" repo "/issues/" issue-number)
-                          response  (assoc-in (ok image-url)
+                              image-url (generate-image address balance issue-url 768 256)
-                                              [:headers "cache-control"] "no-cache")]
+                              response  (assoc-in (ok image-url)
-                      (log/debug "balance:" address "response" response)
+                                                  [:headers "cache-control"] "no-cache")]
-                      response)
+                          (log/debug "balance:" address "response" response)
-                    (bad-request))))))
+                          response)
                        (bad-request))))))))