Request body validation
This commit is contained in:
@ -1,5 +1,6 @@
|
|||||||
package me.braydon.license.controller;
|
package me.braydon.license.controller;
|
||||||
|
|
||||||
|
import com.google.gson.JsonElement;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import lombok.NonNull;
|
import lombok.NonNull;
|
||||||
@ -8,6 +9,7 @@ import me.braydon.license.exception.APIException;
|
|||||||
import me.braydon.license.model.License;
|
import me.braydon.license.model.License;
|
||||||
import me.braydon.license.service.LicenseService;
|
import me.braydon.license.service.LicenseService;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
@ -45,11 +47,21 @@ public final class LicenseController {
|
|||||||
String ip = request.getRemoteAddr(); // The IP of the requester
|
String ip = request.getRemoteAddr(); // The IP of the requester
|
||||||
|
|
||||||
JsonObject jsonObject = LicenseServer.GSON.fromJson(body, JsonObject.class);
|
JsonObject jsonObject = LicenseServer.GSON.fromJson(body, JsonObject.class);
|
||||||
String key = jsonObject.get("key").getAsString(); // Get the key
|
JsonElement key = jsonObject.get("key"); // Get the key
|
||||||
String product = jsonObject.get("product").getAsString(); // Get the product
|
JsonElement product = jsonObject.get("product"); // Get the product
|
||||||
String hwid = jsonObject.get("hwid").getAsString(); // Get the hwid
|
JsonElement hwid = jsonObject.get("hwid"); // Get the hwid
|
||||||
|
|
||||||
service.check(key, product, ip, hwid); // Check the license
|
// Ensure the body keys aren't null
|
||||||
|
if (key.isJsonNull() || product.isJsonNull() || hwid.isJsonNull()) {
|
||||||
|
throw new APIException(HttpStatus.BAD_REQUEST, "Invalid request body");
|
||||||
|
}
|
||||||
|
// Check the license
|
||||||
|
service.check(
|
||||||
|
key.getAsString(),
|
||||||
|
product.getAsString(),
|
||||||
|
ip,
|
||||||
|
hwid.getAsString()
|
||||||
|
);
|
||||||
return ResponseEntity.ok().build(); // Return OK
|
return ResponseEntity.ok().build(); // Return OK
|
||||||
} catch (APIException ex) { // Handle the exception
|
} catch (APIException ex) { // Handle the exception
|
||||||
return ResponseEntity.status(ex.getStatus())
|
return ResponseEntity.status(ex.getStatus())
|
||||||
|
Reference in New Issue
Block a user