From f1e3570546743ae2d9630bc8af08694bcf07c65d Mon Sep 17 00:00:00 2001
From: Braydon
Date: Wed, 31 May 2023 02:19:48 -0400
Subject: [PATCH] Request body validation
---
 .../license/controller/LicenseController.java | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/main/java/me/braydon/license/controller/LicenseController.java b/src/main/java/me/braydon/license/controller/LicenseController.java
index 82b3fa9..ed7d6c7 100644
--- a/src/main/java/me/braydon/license/controller/LicenseController.java
+++ b/src/main/java/me/braydon/license/controller/LicenseController.java
@@ -1,5 +1,6 @@
 package me.braydon.license.controller;
 
+import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.NonNull;
@@ -8,6 +9,7 @@ import me.braydon.license.exception.APIException;
 import me.braydon.license.model.License;
 import me.braydon.license.service.LicenseService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
@@ -45,11 +47,21 @@ public final class LicenseController { String ip = request.getRemoteAddr(); // The IP of the requester JsonObject jsonObject = LicenseServer.GSON.fromJson(body, JsonObject.class); - String key = jsonObject.get("key").getAsString(); // Get the key - String product = jsonObject.get("product").getAsString(); // Get the product - String hwid = jsonObject.get("hwid").getAsString(); // Get the hwid + JsonElement key = jsonObject.get("key"); // Get the key + JsonElement product = jsonObject.get("product"); // Get the product + JsonElement hwid = jsonObject.get("hwid"); // Get the hwid - service.check(key, product, ip, hwid); // Check the license + // Ensure the body keys aren't null + if (key.isJsonNull() || product.isJsonNull() || hwid.isJsonNull()) { + throw new APIException(HttpStatus.BAD_REQUEST, "Invalid request body"); + } + // Check the license + service.check( + key.getAsString(), + product.getAsString(), + ip, + hwid.getAsString() + ); return ResponseEntity.ok().build(); // Return OK } catch (APIException ex) { // Handle the exception return ResponseEntity.status(ex.getStatus())
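Review bot: The new guard in the `@@ -45,11 +47,21 @@` hunk still fails on the most common bad input, a body that omits a field. Gson's `JsonObject.get` returns Java `null` for an absent member, so `key.isJsonNull()` throws a NullPointerException when `key`, `product` or `hwid` is missing, and only an explicit JSON `null` reaches the intended 400. Two neighbouring cases are also unguarded. If `body` is a String, Gson returns `null` for empty input, so `jsonObject` itself can be null. A member that is an object or array passes the null check and then makes `getAsString()` throw. Only `APIException` is caught in the visible lines, so these would probably surface as unhandled 500s on a client-controlled request, unless a handler outside the hunk maps them. I would check the parsed object for null and require each member to be present and primitive before calling `service.check`, as sketched below; the enclosing method starts and ends outside the hunk.

```java
JsonObject jsonObject = LicenseServer.GSON.fromJson(body, JsonObject.class);
if (jsonObject == null) { // nothing parseable was sent
    throw new APIException(HttpStatus.BAD_REQUEST, "Invalid request body");
}
// … unchanged: key / product / hwid lookups …

// get() yields Java null for an absent member; JSON null, objects and arrays are not primitives
for (JsonElement element : new JsonElement[] { key, product, hwid }) {
    if (element == null || !element.isJsonPrimitive()) {
        throw new APIException(HttpStatus.BAD_REQUEST, "Invalid request body");
    }
}
// … unchanged: service.check(...) call …
```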