[api] check against a sha-1 digest hex length of 40 chars

This commit is contained in:
Bart Van Der Meerssche 2011-03-26 11:06:06 +00:00
parent 285833b1f8
commit 64b67598d7
2 changed files with 20 additions and 14 deletions
server/api/flukso/src

View file

@ -50,11 +50,26 @@ check_version(_, _) ->
{false, false}.
check_sensor(Sensor) ->
check_32hex(Sensor).
check_hex(Sensor, 32).
check_32hex(String) ->
check_token(undefined, undefined) ->
{false, false};
check_token(Token, undefined) ->
check_hex(Token, 32);
check_token(undefined, Token) ->
check_hex(Token, 32);
check_token(_, _) ->
{false, false}.
check_digest(Digest) ->
check_hex(Digest, 40).
check_device(Device) ->
check_hex(Device, 32).
check_hex(String, Length) ->
case re:run(String, "[0-9a-f]+", []) of
{match, [{0,32}]} -> {String, true};
{match, [{0, Length}]} -> {String, true};
_ -> {false, false}
end.
@ -102,15 +117,6 @@ check_unit(Unit) ->
{_Unit, RrdFactor} -> {RrdFactor, true}
end.
check_token(undefined, undefined) ->
{false, false};
check_token(Token, undefined) ->
check_32hex(Token);
check_token(undefined, Token) ->
check_32hex(Token);
check_token(_, _) ->
{false, false}.
check_jsonp_callback(undefined) ->
{undefined, true};
check_jsonp_callback(JsonpCallback) ->

View file

@ -40,8 +40,8 @@ allowed_methods(ReqData, State) ->
malformed_request(ReqData, State) ->
{_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData)),
{_Device, ValidDevice} = check_32hex(wrq:get_req_header("X-Device", ReqData)),
{_Digest, ValidDigest} = check_32hex(wrq:get_req_header("X-Digest", ReqData)),
{_Device, ValidDevice} = check_device(wrq:get_req_header("X-Device", ReqData)),
{_Digest, ValidDigest} = check_digest(wrq:get_req_header("X-Digest", ReqData)),
{case {ValidVersion, ValidDevice, ValidDigest} of
{true, true, true} -> false;