Added checks for JSON body in accounts_data endpoint (#863)

Signed-off-by: Prateek Sachan <psachan@cs.iitr.ac.in>
This commit is contained in:
Prateek Sachan 2020-04-11 22:17:05 +05:30 committed by GitHub
parent dacee648f7
commit 317658acea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -15,6 +15,7 @@
package routing
import (
"encoding/json"
"io/ioutil"
"net/http"
@ -80,12 +81,26 @@ func SaveAccountData(
defer req.Body.Close() // nolint: errcheck
if req.Body == http.NoBody {
return util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.NotJSON("Content not JSON"),
}
}
body, err := ioutil.ReadAll(req.Body)
if err != nil {
util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
return jsonerror.InternalServerError()
}
if !json.Valid(body) {
return util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.BadJSON("Bad JSON content"),
}
}
if err := accountDB.SaveAccountData(
req.Context(), localpart, roomID, dataType, string(body),
); err != nil {