From 27e2fe661df3e299d6ef9f5dfa39f12f4633746a Mon Sep 17 00:00:00 2001
From: kaotisk
Date: Mon, 10 Apr 2023 15:52:13 +0300
Subject: Made getZblock a bit more secure and not able to crash the app
---
 api/routes/getZblock/index.js | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
(limited to 'api/routes/getZblock')
diff --git a/api/routes/getZblock/index.js b/api/routes/getZblock/index.js
index af14ae3..5e5138a 100644
--- a/api/routes/getZblock/index.js
+++ b/api/routes/getZblock/index.js
@@ -10,8 +10,8 @@ const config = require("../../config");
 * { zlatest: "Qm..." }
 *
 */
-module.exports = (req, res) => {
- const command = spawn("ak-zblock-cache",[req.query.zblock]);
+function fetchZblock(zblock, res){
+ const command = spawn("ak-zblock-cache",[zblock]);
 command.stdout.on("data", data => {
 });
@@ -27,9 +27,33 @@ module.exports = (req, res) => {
 console.log(`child process exited with code ${code}`);
 if ( code == 0 ) {
- res.send(JSON.parse(fs.readFileSync(config.zblockDir+"/"+req.query.zblock)));
+ const path = config.zblockDir+"/"+zblock;
+ try {
+ if(fs.existsSync(path)){
+ res.send(JSON.parse(fs.readFileSync(path)));
+ }
+ } catch (error) {
+ res.send({"error":error});
+ }
 } else {
 res.send({"error":"error"});
 }
 });
 };
+module.exports = (req, res) => {
+ console.log(req.query)
+ if ( (req.query.zblock) && req.query.zblock.length === 46 ){
+ regex= /Qm[A-Za-z0-9]{44}/;
+ if (regex.test(req.query.zblock)){
+ if (req.query.zblock === "QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH" ){
+ res.send({errno:"Genesis block"});
+ } else {
+ fetchZblock(req.query.zblock,res);
+ }
+ } else {
+ res.send({errno:"Invalid data: regexp failed to pass"});
+ }
+ } else {
+ res.send({errno:"Invalid data: no valid zblock was provided"});
+ }
+}
-- 
cgit v1.2.3
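Review bot: In the second hunk, fetchZblock's exit handler sends nothing when `fs.existsSync(path)` is false, so that request hangs until the client times out; the `if` needs an else branch such as `} else { res.send({"error":"zblock not found"}); }`. In the new exported handler, `regex= /Qm[A-Za-z0-9]{44}/;` assigns an undeclared name (an implicit global under non-strict mode, a ReferenceError under strict mode) and the pattern is unanchored, so it only rejects bad input because of the separate `length === 46` check; declare it once at module level as `const ZBLOCK_RE = /^Qm[A-Za-z0-9]{44}$/;`. `req.query.zblock` is not guaranteed to be a string (a repeated query parameter typically arrives as an array, on which `.length` and `regex.test` still run via string coercion), so a `typeof req.query.zblock !== "string"` guard before the length and regex checks keeps non-string values from reaching `spawn`, which rejects non-string args. The catch branch's `res.send({"error":error})` serialises the Error's enumerable properties only, so the client receives `{"error":{}}` and the server logs nothing; log `error` server-side and return a fixed message instead. The exit handler's enclosing `command.on(...)` registration starts outside this hunk, and whether the `spawn` 'error' event is handled is not visible here.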