Guard against invalid QR code requests

This commit is contained in:
Teemu Patja 2017-02-19 11:01:02 +02:00
parent d503c84928
commit 416178cf0a
No known key found for this signature in database
GPG Key ID: F5B7035E6580FD4C
1 changed files with 24 additions and 22 deletions

View File

@ -29,27 +29,29 @@
(generate-html address balance issue-url) width height)]
(combine-images qr-code-image comment-image)))
(defapi qr-routes
(context "/qr" []
;; user may be an organization here
(GET "/:user/:repo/bounty/:issue{[0-9]{1,9}}/:hash/qr.png" [user repo issue hash]
(log/debug "qr PNG GET" user repo issue hash)
(let [{address :contract_address
login :login
repo :repo
issue-number :issue_number}
(bounties/get-bounty-address user
repo
(Integer/parseInt issue))
balance (eth/get-balance-eth address 8)]
(log/debug "address:" address "balance:" balance)
(if (and address
(= hash (github/github-comment-hash user repo issue)))
(let [issue-url (str login "/" repo "/issues/" issue-number)
image-url (generate-image address balance issue-url 768 256)
response (assoc-in (ok image-url)
[:headers "cache-control"] "no-cache")]
(log/debug "balance:" address "response" response)
response)
(bad-request))))))
(GET "/:owner/:repo/bounty/:issue{[0-9]{1,9}}/:hash/qr.png" [owner repo issue hash]
(log/debug "qr PNG GET" owner repo issue hash (bounties/get-bounty-address owner
repo
(Integer/parseInt issue)))
(when-let [{address :contract_address
login :login
repo :repo
issue-number :issue_number}
(bounties/get-bounty-address owner
repo
(Integer/parseInt issue))]
(when address
(let [balance (eth/get-balance-eth address 8)]
(log/debug "address:" address "balance:" balance)
(if (and address
(= hash (github/github-comment-hash owner repo issue)))
(let [issue-url (str login "/" repo "/issues/" issue-number)
image-url (generate-image address balance issue-url 768 256)
response (assoc-in (ok image-url)
[:headers "cache-control"] "no-cache")]
(log/debug "balance:" address "response" response)
response)
(bad-request))))))))