[api] check against a sha-1 digest hex length of 40 chars

This commit is contained in:
Bart Van Der Meerssche 2011-03-26 11:06:06 +00:00
parent 285833b1f8
commit 64b67598d7
2 changed files with 20 additions and 14 deletions

View file

@ -50,11 +50,26 @@ check_version(_, _) ->
{false, false}. {false, false}.
check_sensor(Sensor) -> check_sensor(Sensor) ->
check_32hex(Sensor). check_hex(Sensor, 32).
check_32hex(String) -> check_token(undefined, undefined) ->
{false, false};
check_token(Token, undefined) ->
check_hex(Token, 32);
check_token(undefined, Token) ->
check_hex(Token, 32);
check_token(_, _) ->
{false, false}.
check_digest(Digest) ->
check_hex(Digest, 40).
check_device(Device) ->
check_hex(Device, 32).
check_hex(String, Length) ->
case re:run(String, "[0-9a-f]+", []) of case re:run(String, "[0-9a-f]+", []) of
{match, [{0,32}]} -> {String, true}; {match, [{0, Length}]} -> {String, true};
_ -> {false, false} _ -> {false, false}
end. end.
@ -102,15 +117,6 @@ check_unit(Unit) ->
{_Unit, RrdFactor} -> {RrdFactor, true} {_Unit, RrdFactor} -> {RrdFactor, true}
end. end.
check_token(undefined, undefined) ->
{false, false};
check_token(Token, undefined) ->
check_32hex(Token);
check_token(undefined, Token) ->
check_32hex(Token);
check_token(_, _) ->
{false, false}.
check_jsonp_callback(undefined) -> check_jsonp_callback(undefined) ->
{undefined, true}; {undefined, true};
check_jsonp_callback(JsonpCallback) -> check_jsonp_callback(JsonpCallback) ->

View file

@ -40,8 +40,8 @@ allowed_methods(ReqData, State) ->
malformed_request(ReqData, State) -> malformed_request(ReqData, State) ->
{_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData)), {_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData)),
{_Device, ValidDevice} = check_32hex(wrq:get_req_header("X-Device", ReqData)), {_Device, ValidDevice} = check_device(wrq:get_req_header("X-Device", ReqData)),
{_Digest, ValidDigest} = check_32hex(wrq:get_req_header("X-Digest", ReqData)), {_Digest, ValidDigest} = check_digest(wrq:get_req_header("X-Digest", ReqData)),
{case {ValidVersion, ValidDevice, ValidDigest} of {case {ValidVersion, ValidDevice, ValidDigest} of
{true, true, true} -> false; {true, true, true} -> false;